CVE-2019-1663 | Cisco Routers – Critical 9.8 CVSS Score
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical...
News
CVE-2019-1674 | New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker...
Chrome Zero-Day Exploited to Harvest User Data via PDF Files
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect...
Government-funded researchers investigate vulnerabilities in EV charging stations
Charging stations for electric cars have sprung up across the country in recent years as hybrid vehicles continue to gain...
IBM’s X-Force says who needs malware, PowerShell FTW!
If anyone reading this works in InfoSec, as I do then you will know that a company's internal network, once...
New Golang brute-forcer discovered amid rise in e-commerce attacks
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers....
Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
On February 23, 2019, Anomali Labs found a suspicious-looking subdomain transportationgovbidsynckelapw containing the legitimate domain transportation.gov for the U.S. Department...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism...
Malware Triggers in Outlook Preview Without User Opening Word Document
A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to...
Mozilla fears encryption law could turn its employees into insider threats
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.The Mozilla Corporation,...
Hackers abuse LinkedIn DMs to plant malware
Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware. Researchers at Proofpoint found...
New browser based attack called MarioNet
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers...
Cyber criminals promise millions to skilled professionals
Cyber criminals are willing to pay more than a million dollars a year to skilled information security professionals who are willing to...
New Malspam Campaign Targets WinRAR ACE Flaw to Deliver Malware
Security researchers have discovered a new Malspam campaign exploiting the recently discovered WinRAR ACE flaw to install malware on the...
Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
Executive Summary Since at least 2015, a suspected South Asian threat grouping known as BITTER has been targeting Pakistan and Chinese organizations...
Russian hacker accused of bank cyber-attacks pleads guilty in US court
Russian programmer Stanislav Lisov, extradited to the United States from Spain in 2018, pleaded guilty to conspiring to commit a...
Marriott Reveals They Had My Un-encrypted Passport and Credit Card Information, and Now Hackers Have It
Marriott let me know that the hack of their systems released my unencrypted passport number and unencrypted credit card number....
North Korean hackers could start stealing business secrets
As North Korea tries to rev up its economy, it may shift its hacking efforts from financial thievery to stealing...
Secret Rules of Visa and MasterCard Revealed by Russian Ex-Hacker
Dmitry Artimovich, who on several occasions had been referred to as a "Russian hacker” by the world's largest news publications...
dirty_sock: Linux Privilege Escalation (via snapd)
In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a...
CVE-2019-6340 | Drupal RCE Vulnerability
The remote execution flaw exists because some field types do not properly sanitize data from non-form sources and this can...
CVE-2019-8912 | Use After Free Arbitrary Code Execution Vulnerability for many Linux Kernels
Linux Kernel is prone to an arbitrary code-execution vulnerability.An attacker can exploit this issue to execute arbitrary code in the...
Cybersecurity A Key Challenge for the Automotive Industry
The fundamental challenge of cybersecurity is not new. They have existed as long as computers have been used in sensitive applications in...
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via SMB Vulnerability
Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly...
