Robert Abel SC Media | Page 3 of 190

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

applePatch

Apple patches AirPort Base Station Firmware

Apple released several patches to addressed several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities that could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…

Undetectable HiddenWasp Linux malware linked to Winnti Umbrella

A sophisticated malware campaign dubbed “HiddenWasp” is targeting Linux systems with the goal of targeted remote control. Some researchers have linked the malware to the Winnti Umbrella cluster of advisaries but attribution is uncertain at the moment. Unlike other Linux malware, HiddenWasp’s goal isn’t to mine cryptocurrency or launch DDoS activity but instead in targeted…

Nansh0u cryptomining cryptomining hit 50,000 servers

A China-based cryptomining malware campaign dubbed Nansh0u has targeted and infected up to 50,000 servers Windows MS-SQL and PHPMyAdmin servers worldwide. Guardicore researchers disclosed the campaign which took place between February 26 and April 11 of this year, in a May 29 blog post and described it as more than just a typical cryptomining attack…

applePatch

Bypass vulnerability in MacOS X GateKeeper

Independent Researcher Filippo Cavallarin discovered a GateKeeper Bypass vulnerability in Apple’s MacOS X that will allow threat actors to execute untrusted code without any warning or the user’s permission. GateKeeper is a mechanism developed by Apple and is included in MacOSX which enforces code signing and verifies downloaded applications before allowing them to run on…

HawkEye malware campaign upticks on business users

IBM X factor researchers detected an uptick in HawkEye version 9 keylogger infection campaigns targeting business users around the world and threat actors offering the malware as a service. The malware is designed to steal information from infected devices as well as to download additional malware by leveraging it botnets to distribute malware as a…

Transient devices require strict control measures as regulatory compliance requirements grow

TThe proliferation of BYOD and portable media devices is increasing the cybercrime attack surface exponentially. TechAdvisory.org reports that 25 percent of malware is spread today through USB devices alone. Transient cyber assets  — or devices not connected to the network all the time (which includes USB devices) — are proving to be an acute vulnerability…

surveillance

License plate reader firm breached, data leaked

A threat actor by the alias “Boris Bullet-Dodger” broke into the database of a company that provides license plate readers for the U.S. government to use at the Mexican border.Tennessee-based Perceptics said Thursday it had been breached and that the attacker posted its contents on the dark web, according to The Register.The attacker leaked 65,000…

Great White North bombarded with malicious email campaigns, report

During the first four months of 2019 threat actors conducted thousands of malicious email campaigns, hundreds of which targeted Canadian organizations. Proofpoint researchers detected nearly 100 campaigns that specifically geo-targeted Canada or were customized for Canadian audiences in the first four months of 2019 mostly using the Emotet banking trojan, according to Proofpoint’s Beyond “North…

XSS vulnerability in Slimstat WordPress plugin

A  vulnerability in the Slimstat WordPress plugin could allow a malicious user to inject arbitrary JavasScript code on the plugin access log functionality. The plugin allows users to gather data analytics for the WordPress site and will track certain information such as the browser and operating system details, plus page visits to optimize the website…

Next post in Vulnerabilities