Pentagon taking steps to secure US cyber infrastructure from attacks as war looms with North Korea
14th April 2017 By Alex Lockie The Pentagon’s Defense Advanced Research Projects Agency recently reached out to BAE Systems to develop a workaround for a potential cyberattack on the US that would likely be the precursor to serious acts of actual warfare, Defense Systems reports. Basically the US wants a system to quickly identify cyberattacks…
Author: admin
NSA-leaking Shadow Brokers just dumped its most damaging release yet
Windows zero-days, SWIFT bank hacks, slick exploit loader among the contents. Dan Goodin – 4/14/2017 The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency’s weaponized software exploits—just published its most significant release yet. Friday’s dump contains potent…
Exploit Kit Activity Quiets, But Is Far From Silent
By Tom Spring April 14, 2017 Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target. Here are…
CVE-2016-10229 Linux remote code execution flaw potentially exposes systems at risk of hack
April 14, 2017 By Pierluigi Paganini The Linux remote vulnerability tracked as CVE-2016-10229 puts Linux systems at risk of hack if not patched. A Linux kernel vulnerability, tracked as CVE-2016-10229, potentially allows attackers to remotely take over a vulnerable system (i.e. servers, desktops, IoT devices and mobile devices). “udp.c in the Linux kernel before 4.5…
Cisco warns of two critical issues in IOS and Apache Struts
April 14, 2017 By Pierluigi Paganini Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2. Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently…
Android malware creators throw up a roadblock to thwart the good guys
13th April 2017 by Bill Brenner Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some fresh examples of this – specifically, anti-emulation Android…
Don’t let hackers ruin your roast! Security flaws found in AGA cooker app
I keep saying it, but why does everything have to be connected these days? Graham Cluley 13th April 2017 Imagine you work in marketing for a company that has been manufacturing upmarket cookers for almost 100 years. How do you make your product capture people’s attention and attract new customers? Simple…
‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable
By Tom Spring April 13, 2017 A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and…
CVE-2017-0199 Zero Day exploit used to deliver FINSPY spyware
See Also – Booby-trapped Word documents in the wild exploit critical Microsoft 0day April 13, 2017 By Pierluigi Paganini Security researchers at FireEye discovered that the Microsoft Word CVE-2017-0199 exploit was linked to cyberspying in the Ukraine conflict. The zero-day vulnerability in Microsoft Office that was recently fixed by Microsoft was used to deliver a surveillance…
Targeted Malware Inflated With Junk Data to Avoid Detection
By Eduard Kovacs on April 13, 2017 A piece of malware used in targeted attacks aimed at South Korea and Japan is inflated with junk data in an effort to avoid detection. While the technique is not exactly new, researchers at Kaspersky Lab believe this particular malware is noteworthy. The security firm came across…