Month: May 2017

Zeljka Zorz – May 30, 2017   A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS.                                              There is currently no indication that the flaw is being exploited in the wild, but as… Continue reading Vulnerability opens FreeRADIUS servers to unauthenticated attackers

Small businesses face a range of cyber threats daily and are often more vulnerable than the larger organisations   30th May 2017 By Nick Ismail   Small businesses that see themselves as too small to be targeted by cyber criminals are putting themselves at direct risk.   In fact, small businesses are at an equal,… Continue reading 7 nightmare cyber security threats to SMEs and how to secure against them

Auto-clicking ‘Judy’ adware was distributed by over 40 apps in Google’s official Android market.   By Danny Palmer | May 30, 2017   Security researchers have discovered a large malware campaign in the Google Play store.   Dubbed Judy — because many of the malicious apps are games featuring a cutesy character of that name… Continue reading Android alert: This cutesy malware has infected millions of devices

May 30, 2017  By Pierluigi Paganini   Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month.   A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off… Continue reading You can take Shadow Brokers Zero Day Exploit Subscriptions for $21,000 per month

Zeljka Zorz – May 30, 2017                                                  After the discovery and the fixing of a “crazy bad” remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote… Continue reading 8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

29th May 2017  By Catalin Cimpanu   There is a way to inject malicious content into email servers running email encryption appliances, a technique that allows attackers to go around email security products.   Email encryption appliances (EEAs) are hardware or virtualized devices that work together with email servers to encrypt and decrypt messages. EEAs… Continue reading Split Tunnel SMTP Exploit Allows an Attacker to Inject Payloads Into Email Servers

By Martin Brinkmann on May 29, 2017   When you try to connect select Microsoft owned domains such as Hotmail.com or Codeplex.com right now in Firefox, you may get a Secure Connection Failed error.   Sites that are affected by the issue include the following domains: hotmail.com, codeplex.com, visualstudio.com, azurewebsites.net, social.technet.microsoft.com, onedrive.live.com.   In fact,… Continue reading Firefox throws Secure Connection Failed for many Microsoft domains (Fix)

A team of researchers find 8,000 bugs in pacemaker codes.   Mariella Moon, @mariella_moon   I know that this topic has been the subject of previous threads but believe the informasiton here is new/additional.       “Back in January, the FDA has finally acknowledged that some pacemakers and other cardiac devices are vulnerable to… Continue reading Pacemakers are far more vulnerable to hacking than we thought

May 29th 2017  By Catalin Cimpanu   A self-proclaimed member of the Anonymous hacker collective is behind a campaign to spread the Houdini RAT and is currently looking into deploying the MoWare H.F.D ransomware.   The name of this “hacker” is Mohammed Raad, according to his Facebook profile, but he also goes online by the… Continue reading Anonymous Member Playing with Houdini RAT and MoWare Ransomware

ClearPass Policy Manager needs upgrade 29 May 2017 at 01:58, Richard Chirgwin   In case you missed it: there’s a bunch of bad bugs in HPE’s Aruba ClearPass Policy Manager.   The Bugtraq post landed here Friday afternoon US time, a followup to HPE’s announcement of a collection of seven CVEs (Common Vulnerabilities and Exposures).… Continue reading Aruba bugs squashed in seven-vuln splatfest