Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company’s Cisco Aironet Access Points (APs) software. Officially designated CVE-2019-15260, the flaw potentially can be exploited to view sensitive information, interfere with configuration options and disable the AP, in order to create…
A Montgomery County, Md., high school student earlier this month hacked into the Naviance college prep system and downloaded and shared the PII from about 1,400 fellow students. The initial investigation using information provided by Naviance led the school district to initially suspect two students. On October 7 the Montgomery County Police Department was brought…
VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF). According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent…
Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates. Authentic Jobs, used by the likes of the New York Times and EY, took the biggest hit with 221,130 CVs exposed to the public, according to…
The Committee on House Administration passed the Stopping Harmful Interference in Elections for a Lasting Democracy (SHIELD) Act intended to close loopholes in foreign spending in U.S. elections as well as improve disclosure and transparency rules. “The SHIELD Act closes gaps in the law that allow foreign nationals and foreign governments to launder money into…
The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September. The downloader, named Get2, has been used in campaigns to deliver a variety of secondary payloads, including the FlawedGrace and FlawedAmmyy RATs and Snatch…
In what could be the poster child case for closing the barn door after the horse has left, the Baltimore City Council has approved the purchase of cyber insurance, six months after the municipality suffered a damaging ransomware attack. The Baltimore Sun reported the city conducted a bidding process and selected two plans. “The first…
Researchers have found what they are calling the first crpytojacking worm to spread to and from compromised containers in the Docker Engine. Named Graboid as an homage to the monster worm in the 1990 movie Tremors, the malware mines Monero cryptocurrency from infected machines and randomly spreads to other vulnerable hosts. Indeed, the malware contains a list…
Oracle issued more than 200 security patches across a wide swath of its product line with Fusion Middleware, Java SE and MySQL receiving the majority of the fixes. Overall 218 fixes were issued in the October update. This is the fourth security update issued by Oracle in 2019 with the next scheduled for January 2020.…
WordPress rolled out version 5.2.4 patching six vulnerabilities as a short-term fix prior to the release of version 5.3. WordPress version 5.2.3 and earlier are affected by these bugs. The problems covered included an issue where stored XSS could be added via the Customizer, a method of viewing unauthenticated posts, a way to create a…
