News


  • Facebook approaches major cybersecurity firms, acquisition goals in mind

    October 22, 2018

    Facebook has promised rapid internal changes in the way our data, security, and privacy is managed in the wake of a massive data breach — but this may not be the only step the company plans to take. Evidence has been gathered which demonstrates that Russian operatives covertly used the social network to spread fake news ...

  • Two Critical RCE Bugs Patched in Drupal 7 and 8

    October 20, 2018

    Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to take control of an affected system,” according to a security bulletin posted by the United States ...

  • HealthCare.gov system hack leaves 75,000 individuals exposed

    October 20, 2018

    A hack was detected earlier this month in a government computer system that works alongside HealthCare.gov, exposing the personal information of approximately 75,000 people, according to the agency in charge of the portal. In a statement to CNN, the Centers for Medicare and Medicaid Services (CMS) said the system that was exposed through the hack was ...

  • jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

    October 19, 2018

    Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited. The bug affects the widely used jQuery File Upload widget and allowed an attacker to upload ...

  • Kaspersky says it detected infections with DarkPulsar, alleged NSA malware

    October 19, 2018

    Kaspersky Lab said today that it detected computers infected with DarkPulsar, a malware implant that has been allegedly developed by the US National Security Agency (NSA). “We found around 50 victims, but believe that the figure was much higher,” Kaspersky Lab researchers said today. “All victims were located in Russia, Iran, and Egypt, and typically Windows 2003/2008 ...

  • Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew

    October 18, 2018

    A fresh wave of cyberattacks striking the US, South Korea, and Canada has been connected to an APT group with ties to the Chinese military. On Thursday, cybersecurity researchers from McAfee’s Advanced Threat Research team said they have discovered a new campaign which focuses on cyberespionage and data reconnaissance. South Korea appears to be the primary target of the ...

  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload

    October 18, 2018

    Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe. SettingContent-ms is a recent addition to ...

  • Critical Flaws Found in Amazon FreeRTOS IoT Operating System

    October 18, 2018

    A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has ...

  • How Shodan helps identify ICS cybersecurity vulnerabilities

    October 18, 2018

    An industrial control system is essentially a collection of computers that monitor and control industrial systems. They make the world move and help with everything from food processing to transportation to running the espresso maker at your local Starbucks. The challenge is an industrial control system (ICS) can be readily attacked by advanced persistent threat groups, ...

  • Simplifying identity and access management for more businesses

    October 17, 2018

    Effective identity management underpins the modern enterprise, and Google has been hard at work to provide simple, secure solutions for administrators and developers. In March, we launched Cloud Identity to help customers manage users, devices and apps from a central console. In July, we announced context-aware access, an innovative approach to access management that implements many elements of Google’s BeyondCorp ...

  • CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows

    October 17, 2018

    Trend Micro found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. We’ve worked ...

  • GreyEnergy: New malware campaign targets critical infrastructure companies

    October 17, 2018

    The hacking group which took down Ukrainian power grids is systematically targeting critical infrastructure in Ukraine and beyond in what security researchers believe could be cyber espionage and reconnaissance ahead of future attacks. Dubbed GreyEnergy by researchers at ESET, the group is believed to have been active over the last three years and to be linked to ...

  • Multiple D-Link Routers Open to Complete Takeover with Simple Attack

    October 17, 2018

    The vendor only plans to patch two of the eight impacted devices, according to a researcher. Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland ...

  • LibSSH Flaw Allows Hackers to Take Over Servers Without Password

    October 16, 2018

    A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving ...

  • UK National Cyber Security Centre Reveals Scale Of Cyber Attacks

    October 16, 2018

    Two year since its launch, NCSC helped the UK against almost 1,200 cyber attacks, most carried out by hostile nation states The UK’s National Cyber Security Centre (NCSC) has revealed that it helps the country fend off at least ten cyber attacks a week, most of which come from state-sponsored hackers employed by hostile nation states. This ...

  • Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia

    October 15, 2018

    Researchers have uncovered the Octopus Trojan in a wave of cyberattacks being launched against diplomatic entities across central Asia. According to cybersecurity firm Kaspersky Lab, the targeted campaign has used the recent ban of Telegram messenger across Russia and reported attempts to ban the service across some former Soviet areas such as Kazakhstan to dupe victims into believing ...

  • In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack

    October 15, 2018

    The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority. A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said ...

  • UK MoD secrets exposed in dozens of cyber security breaches

    October 15, 2018

    Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK’s defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in ...

  • The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say

    October 15, 2018

    A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly. Europe’s General Data Protection Regulation requires companies with customers in the E.U. to notify regulators of a breach within 72 hours or face a severe ...

  • Up to 35 Million 2018 Voter Records For Sale on Hacking Forum

    October 15, 2018

    Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web. Up to 35 million voter records have been found up for sale on a popular hacking forum from 19 states, researchers discovered. Researchers at Anomali Labs and Intel 471 on Monday said that they discovered Dark Web communications offering a ...