Hackers target Elasticsearch clusters in fresh malware campaign

Security researchers have observed a spike in attacks from multiple threat actors targeting Elasticsearch clusters, in what is believed to be an attempt to spread malware on victims’ machines. Attackers appear targeting clusters using versions 1.4.2 and lower, and are Read More …

Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers

Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code. The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco Read More …

Russian national, author of NeverQuest banking trojan, pleads guilty

A Russian national pleaded guilty today in a New York court of creating, running, and infecting users with the NeverQuest banking trojan –also known as Snifula and Vawtrack. The man’s name is Stanislav Vitaliyevich Lisov, a Russian national who went Read More …

Looming retirement of legacy system custodians put global IT systems at risk

Government IT systems and critical infrastructure systems around the world are at risk due to legacy technology and the pending retirement of those who have historically maintained these older systems. Of the U.S. General Services Administration’s mission-critical IT staff, 20-50 percent will Read More …

19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support

A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app’s devs removed it when they patched the security issue. Nadav Grossman from Check Point Software Technologies was Read More …