Cybersecurity News and Product Reviews | SC Media

Home

Report: Microsoft misses disclosure deadline to patch RCE bug in JET

By

Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…

Donald Trump

Citing DoJ, ‘key allies’ concerns,Trump delays release of classified data

By

President Trump pumped the brakes Friday on his earlier order to release classified data included in a FISA warrant on his former campaign foreign policy aide Carter Page and texts among a number of FBI agents, citing concerns from Justice Department officials that the declassification could have a “perceived negative impact” on the Russian interference…

election hacking

DDoS attacks took down Calif. Democratic hopeful’s website during primaries

By

A distributed denial of service (DDoS) attack took down California Democratic congressional hopeful Bryan Caforio’s website just hours before he stepped onto the debate stage to face fellow Democrats. “As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they…

Viborot ransomware comes with a botnet

By

Researchers discovered a ransomware with Botnet capabilities representing threat actors diversifying attack methods to raise the ante. Trend Micro researchers spotted the ransomware dubbed “Viborot” targeting users in the United States that once infected, the machine would become part of a spam email botnet that sought out new ransomware victims, according to a Sept. 21…

White House unveils initiatives to combat botnets

White House touts release of National Cyber Strategy

By

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by…

Leahy bill would end bulk data collection, introduce reforms

Romanian woman pleads guilty to ransomware attack on D.C. police cameras before Trump Inauguration

By

A Romanian citizen pleaded guilty to federal charges stemming from her role in a ransomware attack which involved hacking Washington, D.C., police cameras days before the 2017 Presidential Inauguration. Eveline Cismaru, 28, pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer fraud in charges stemming…

Scottish brewery ransomware attack leverages job opening

By

The Arran Brewery in Scotland was hit with a ransomware attack that saw a malicious actor using a job vacancy at the beer maker to slip in the malware. The brewery, located on the small island of Arran off the Scottish coast, had posted a job opening for a credit control and finance assistant, but…

Report: Hackers used data mining tool, network sniffer to steal Click2Gov information

By

The malicious actor behind a year-old campaign targeting the web payment portal Click2Gov appears to have been using a malicious webshell, data mining utility program and network sniffer to steal information from users, according to a new report from FireEye researchers. The researchers note that while the perpetrator’s tools and techniques are “generally consistent with other financially…

RussiaHack

Russian MagBo black market offers access to 3000 breached sites

By

Flashpoint researchers discovered a Russian speaking underground market place named “Magbo” selling access to approximately 3,000 breached sites for as little as 50 cents. The site allowed cybercriminals to purchase the exact breach they need depending on the website value with prices as low as 50 cents per access to $1,000 per access, depending on…

Newegg Magecart data breach possibly avoidable

By

The cyber gang Magecart added another notch to its keyboard managing to infiltrate online electronics retailer Newegg with payment card skimming malware, according to two reports, with industry experts weighing in that such attacks can be avoided through higher levels of vigilance by corporate cybersecurity teams. Magecart, which was tagged as responsible for the British…

Next post in Data Breach