Cybersecurity | SC Media

Cybersecurity

A draft of the voluntary framework was released by NIST.

Securing Energy Infrastructure Act passes House

The House Thursday passed the bipartisan Securing Energy Infrastructure Act, which aims to remove vulnerabilities that could allow hackers to access the energy grid. The bill was sponsored by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) and mirrors the Senate legislation introduced by Senators Angus King (I-Maine) and Jim Risch (R-Idaho). It seeks to…

Macbook

Ke3chang APT group linked to Okrum backdoor

ESET researchers linked the Ke3chang APT group to the newly discovered Okrum backdoor showing the group is still active and improving its code. Researchers have since discovered new versions of malware families linked to the Ke3chang group and believe the group is operating out of China. Overtime, the Ketrican, Okrum and RoyalDNS backdoors have all…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that if exploited would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created and can be mitigated by disabling the Workspaces module, according…

FTC lodges new set of complaints against alleged cell phone spammers

Sprint customer data breached via Samsung website flaw

Threat actors gained unauthorized access to an undisclosed number of Sprint customer accounts via a compromised Samsung website.   “On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” the wireless provider said in a letter to impacted customers posted on Scribd. “The…

Unofficial Telegram app secretly loads malicious sites

An unofficial Telegram app is secretly loading malicious sites onto the devices of unsuspecting users and running other malicious services in the background without the users’ consent. Symantec researchers discovered the malicious app, named MobonoGram 2019 (detected as Android.Fakeyouwon) and advertised as an unofficial version of the Telegram messaging application with more features than the…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Zoom finally patches video vulnerability months after discovery

Zoom finally released patches for two long-ago reported vulnerabilities in their platform including one which allow malicious websites to enable your camera without permission exposing up to 750,000 companies around the world.  Software Engineer Jonathan Leitschuh discovered two vulnerabilities in the Mac Zoom Client back in March 2019 including a Denial of Service (DOS) Vulnerability, CVE-2019–13449,…

Cisco releases updates for DoS vulnerability

Cisco released security updates for a “high” rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could allow a remote attacker to cause a denial-of-service condition The vulnerability, CVE-2019-1873, is in the cryptographic driver of the products, according to a July 10 security update. The bug is due to incomplete…

Next post in Vulnerabilities