Security News
Qihoo team cracks Tesla’s Model S car, reportedly earns $10K
The SyScan +360 conference offered a $10,000 prize to anyone who uncovered vulnerabilities in Tesla's Model S car, which the automaker vowed to fix.
About SC Media
Your search for Qihoo 360 returned 28 results
Executive Insight, Opinion
Application isolation and virtualization provide a false sense of cybersecurity – It’s time for a better solution
A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity. The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the popular open source machine emulator and virtualizer. Short for…
APTs/cyberespionage, Security News
Poison Carp cyberespionage group targeting Tibetan officials with mobile malware
A newly designated threat group dubbed Poison Carp has been found using Android exploits to plant spyware on devices operated by the leadership of various Tibetan leaders. The attacks were uncovered by The Citizen Lab, which found Poison Carp using a mix of eight Android browser exploits and one Android spyware kit, along with an…
APTs/cyberespionage, Cybercrime, Health Care, Phishing, Security News, Vulnerabilities
Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit
Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
Network Security, Security News, Vulnerabilities
VMware issues critical security update for Workstation and Fusion products
VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host. Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2…
Cybercrime, Malware, Security News
GhostDNS hijacking campaign steps up attacks on Brazilians; 100K+ devices compromised
An ongoing DNS hijacking campaign significantly increased its activity this past September, leveraging over 100,000 compromised home routers in order to redirect Brazilian e-banking customers to phishing web pages. Previously reported on last August by Radware, the campaign uses a remote configuration URL to modify the DNS server settings of exploited networking devices so that unsuspecting…
Cybercrime, IoT, Malware, Security News
Quirky Fbot IoT botnet kills rival, communicates via blockchain-based DNS
There’s an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices. Dubbed Fbot, the malware is also unusual because rather than using standard DNS to communicate with the command-and-control server, it instead…
Cybercrime
Oracle WebLogic Server attacks spike after vulnerability PoC published
At least two separate threat groups have already developed automated exploitation scripts to exploit a recently patched vulnerability in Oracle WebLogic Servers and are conducting large-scale attacks after several proof-of-concepts were published. The attacks exploit CVE-2018-2893, a critical vulnerability in a component product’s middleware that allows an attacker to gain control over the entire server…
Mobile Security
Device makers still shipping products with Android Debug Bridge enabled, despite risks
Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.
Vulnerabilities
Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East
Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.
Next post in Vulnerabilities
