Cybersecurity news & analysis | SC Media


Twitter fixes API bug that shared data with wrong developers


Twitter on Friday disclosed that it fixed a bug in its Account Activity API (AAAPI) for app developers that may have mistakenly sent certain user data and content to the wrong developers who were not authorized to see this information. The AAAPI, which enables developers build tools that help customers communicate via Twitter, contained the…

Mastermind behind Scan4you gets 14 years, helped steal $20 billion


A Latvian resident was sentenced to 14 years in prison for operating the Scan4you service which helped cybercriminals more effectively attack their targets enabling more than $20.5 billion Bondars service helped steal more than $20 billion. Ruslans Bondars, a former Soviet Union national residing in Latvia, was sentenced after being found guilty by a jury…

Cisco patches critical default password vulnerability


Cisco has issued a critical update for its Video Surveillance Manager (VSM) appliance to fix a default passwords vulnerability. If exploited the vulnerability could allow an unauthenticated user to log in using the root account, which has default, static user credentials allowing the attacker to execute arbitrary commands as the root user,. Cisco reported. The…

Report: Microsoft misses disclosure deadline to patch RCE bug in JET


Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…

Donald Trump

Citing DoJ, ‘key allies’ concerns,Trump delays release of classified data


President Trump pumped the brakes Friday on his earlier order to release classified data included in a FISA warrant on his former campaign foreign policy aide Carter Page and texts among a number of FBI agents, citing concerns from Justice Department officials that the declassification could have a “perceived negative impact” on the Russian interference…

election hacking

DDoS attacks took down Calif. Democratic hopeful’s website during primaries


A distributed denial of service (DDoS) attack took down California Democratic congressional hopeful Bryan Caforio’s website just hours before he stepped onto the debate stage to face fellow Democrats. “As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they…

Viro Botnet ransomware comes with a botnet


Researchers discovered a ransomware with Botnet capabilities representing threat actors diversifying attack methods to raise the ante. Trend Micro researchers spotted the ransomware dubbed “Viborot” targeting users in the United States that once infected, the machine would become part of a spam email botnet that sought out new ransomware victims, according to a Sept. 21…

White House unveils initiatives to combat botnets

White House touts release of National Cyber Strategy


Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by…

Leahy bill would end bulk data collection, introduce reforms

Romanian woman pleads guilty to ransomware attack on D.C. police cameras before Trump Inauguration


A Romanian citizen pleaded guilty to federal charges stemming from her role in a ransomware attack which involved hacking Washington, D.C., police cameras days before the 2017 Presidential Inauguration. Eveline Cismaru, 28, pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer fraud in charges stemming…

Scottish brewery ransomware attack leverages job opening


The Arran Brewery in Scotland was hit with a ransomware attack that saw a malicious actor using a job vacancy at the beer maker to slip in the malware. The brewery, located on the small island of Arran off the Scottish coast, had posted a job opening for a credit control and finance assistant, but…

Next post in News