Vulnerabilities

Prognosis Negative for American Dental Association

Prognosis Negative for American Dental Association

By

Malware embedded on a USB drive was delivered to members of the American Dental Association (ADA).

Marcher banking malware hitting Australia

Marcher banking malware hitting Australia

By

Marcher Madness continues with a new, stealthier iteration of the Marcher banking malware targeting Android users in Australia.

Ohio firearms dealer website breach compromises customer names, state ID data

Ohio firearms dealer website breach compromises customer names, state ID data

By

An Ohio firearms dealer notified the California Attorney General that the company experienced a data breach that compromised its customers' name and state identification information.

RSA Summit: Gibson urges information sharing to beat ransomware

RSA Summit: Gibson urges information sharing to beat ransomware

The director of CERT UK laid out some of the problems facing UK cyber-space and outlined what cyber-security could do to help fix them.

EFF revises IM scorecard ratings after pen testers spot vulnerabilities

EFF revises IM scorecard ratings after pen testers spot vulnerabilities

By

The EFF is revising its IM scorecard after a pair of researchers spotted vulnerabilities in platforms previously rated safe.

DDoS attacks still growing...and stronger, Kaspersky

DDoS attacks still growing...and stronger, Kaspersky

By

Cybercriminals are strengthening their DDoS attacks with more amplification and new methods to refine their botnets.

Researchers create imaginary mobile devices to deceive Waze, other location-based apps

Researchers create imaginary mobile devices to deceive Waze, other location-based apps

By

Researchers from the University of California, Santa Barbara have uncovered a hacking technique that could allow bad actors to sabotage location-based mobile apps by simulating large number of devices that don't actually exist.

PLATINUM gang exploited Microsoft 'hotpatching' support to mask activities

PLATINUM gang exploited Microsoft 'hotpatching' support to mask activities

By

The PLATINUM team has "gone to great lengths" over many years "to develop covert techniques" so their cyber-espionage campaigns will evade detection, even using Windows's support for "hotpatching" against it.

Firefox patches issued, one critical

Firefox patches issued, one critical

By

Mozilla released 10 security advisories affecting its Firefox open-source web browser.

Malware in nuclear power plant prompts plant shutdown

Malware in nuclear power plant prompts plant shutdown

By

Malware discovered at a nuclear power plant in Germany prompted RWE AG to shut down the power plant as a precaution.

Locky ransomware spotted using Javascript downloader

Locky ransomware spotted using Javascript downloader

By

FireEye researchers observed a Locky ransomware campaign that used Javascript downloaders to infect users rather than macro- or binary-based downloaders.

Facebook social login bug, now fixed, exposed account holders to potential ID theft

Facebook social login bug, now fixed, exposed account holders to potential ID theft

By

Facebook has updated its social login process after a security firm found a bug that could have enabled adversaries to steal victims' online identities.

'Bored' Filipino IT experts to be hired as white-hat hackers

In order to better improve and ensure cyber-security of government websites, Philippine senator Ralph Recto plans to recruit "bored" Filipino hackers to serve as "cyber-commandos".

Empty email threats reap payoff for Armada Collective

Empty email threats reap payoff for Armada Collective

By

Emails sent to businesses demanding payment to avoid a DDoS attack were enough to spur some to pay off, even though no attacks resulted.

Microsoft vulnerability lets hackers bypass app whitelisting protections

Microsoft vulnerability lets hackers bypass app whitelisting protections

By

A researcher has discovered a way for attackers to sneak remotely hosted, unauthorized applications past Microsoft Windows' whitelisting security feature Applocker, by abusing the command-line utility Regsvr32.

MIT launches bug bounty program

MIT launches bug bounty program

By

The Massachusetts Institute of Technology (MIT) introduced a bug bounty program last week that it termed "experimental."

Researcher finds backdoor that accessed Facebook employee passwords

Researcher finds backdoor that accessed Facebook employee passwords

By

A Taiwan-based security researcher, known as "Orange Tsai, who was awarded a $10,000 bug bounty in February, published a report detailing the exploits that led to his discovery of illicit code on a Facebook server.

Cisco flags five product vulnerabilities that could trigger denial of service

Cisco flags five product vulnerabilities that could trigger denial of service

By

Cisco issued five security alerts this week, issuing software updates to patch a series of vulnerabilities, any of which could potentially trigger a denial of service condition.

Sixth teen arrested in breach of U.K. ISP TalkTalk

Sixth teen arrested in breach of U.K. ISP TalkTalk

By

A teenager turned himself in to police in Staffordshire, U.K., where he was arrested on charges stemming from a breach of internet services provider TalkTalk.

Most orgs couldn't quickly detect breach, study

Most orgs couldn't quickly detect breach, study

By

Researchers at DB Networks and Osterman Research find many orgs lack the proper tools to monitor their data bases.

FIN6 uses legit payment card data, GRABNEW-infected systems to steal info

FIN6 uses legit payment card data, GRABNEW-infected systems to steal info

By

A new report from FireEye Threat Intelligence said that one case investigated by Mandiant indicated that a victim computer "was originally compromised with GRABNEW malware by a separate threat actor."

New version of TeslaCrypt ups ante for ransomware

New version of TeslaCrypt ups ante for ransomware

By

Two updates in TeslaCrypt illustrate that ransomware is not only spreading wider, but is also evolving with new capabilities.

Australia's prime minister confirms Australian Bureau of Meteorology attack

Australia's prime minister confirms Australian Bureau of Meteorology attack

By

Australian Prime Minister Malcolm Turnbull confirmed that the Australian Bureau of Meteorology was indeed a target of a cyberattack last year.

UPDATE: Wireless mice and keyboards vulnerable to MouseJack takeover

UPDATE: Wireless mice and keyboards vulnerable to MouseJack takeover

By

Researchers have uncovered a vulnerability in the way non-Bluetooth dongle devices interact with wireless mice and keypads, which could enable a nearby hacker to take over a victim's computer using radio frequency signals.

Google releases study on infected websites; more than 760K sites compromised annually

Google releases study on infected websites; more than 760K sites compromised annually

By

Google researchers partnered with a research team from the University of California, Berkeley to analyze the infection and potential remediation of more than 760,000 websites during an 11-month period.

Researchers patrolling dark web uncover trojan plot targeting web hosting service

Researchers patrolling dark web uncover trojan plot targeting web hosting service

By

Web hosting provider Invision Power Services (IPS) was saved from a software compromise that could have potentially damaged its clients after researchers gathered intelligence on a cybercriminal operation taking place on the dark web.

Educational network Janet hit with DDoS attacks

Educational network Janet hit with DDoS attacks

A wave of DDoS attacks were launched against the government-funded education network Janet yesterday morning.

Talos: 3.2 million machines vulnerable to malicious JexBoss exploit tool

Talos: 3.2 million machines vulnerable to malicious JexBoss exploit tool

By

A deeper probe into the JBoss server vulnerabilities linked to recent Samsam ransomware attacks has uncovered 3.2 million unpatched machines that are potentially susceptible to this attack vector.

No useful information discovered on San Bernardino iPhone

No useful information discovered on San Bernardino iPhone

By

The iPhone used by Syed Rizwan Farook, one of the shooters in the San Bernardino terror attack that left 14 people dead, was not found to contain any useful information, according to reports.

VMware patches MitM and web session hijack vulnerability

VMware patches MitM and web session hijack vulnerability

By

VMware advised users to patch a critical issue that could allow man-in-the-middle (MitM) attacks or web session hijacking.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US