Pentagon taking steps to secure US cyber infrastructure from attacks as war looms with North Korea

14th April 2017 By Alex Lockie
The Pentagon’s Defense Advanced Research Project Agency recently reached out to BAE Systems to develop a workaround for a potential cyberattack on the US that would likely be the precursor to serious acts of actual warfare, Defense Systems reports.
Basically the US wants a system to quickly identify cyberattacks…

NSA-leaking Shadow Brokers just dumped its most damaging release yet

Windows zero-days, SWIFT bank hacks, slick exploit loader among the contents.
Dan Goodin – 4/14/2017
The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency’s weaponized software exploits—just published its most significant release yet. Friday’s dump contains potent…

Exploit Kit Activity Quiets, But Is Far From Silent

By Tom Spring April 14, 2017
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target.
Here are…

CVE-2016-10229 Linux remote code execution flaw potentially exposes systems at risk of hack

April 14, 2017 By Pierluigi Paganini
The Linux remote vulnerability tracked as CVE-2016-10229 puts Linux systems at risk of hack if not patched.
A Linux kernel vulnerability, tracked as CVE-2016-10229, potentially allows attackers to remotely take over a vulnerable system (i.e. servers, desktops, IoT devices and mobile devices).
“udp.c in the Linux kernel before 4.5…

Cisco warns of two critical issues in IOS and Apache Struts

April 14, 2017 By Pierluigi Paganini
Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2.
Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently…

Android malware creators throw up a roadblock to thwart the good guys

13th April 2017 by Bill Brenner
Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some fresh examples of this – specifically, anti-emulation Android…

Don’t let hackers ruin your roast! Security flaws found in AGA cooker app

I keep saying it, but why does everything have to be connected these days?
Graham Cluley 13th April 2017
Imagine you work in marketing for a company that has been manufacturing upmarket cookers for almost 100 years.
How do you make your product capture people’s attention and attract new customers?
Simple…

‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable

By Tom Spring April 13, 2017
A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and…

CVE-2017-0199 Zero Day exploit used to deliver FINSPY spyware

See Also – Booby-trapped Word documents in the wild exploit critical Microsoft 0day
April 13, 2017 By Pierluigi Paganini
Security researchers at FireEye discovered that the Microsoft Word CVE-2017-0199 exploit was linked to cyberspying in Ukraine conflict.
The zero-day vulnerability in Microsoft Office that was recently fixed by Microsoft was used to deliver a surveillance…

Targeted Malware Inflated With Junk Data to Avoid Detection

By Eduard Kovacs on April 13, 2017
A piece of malware used in targeted attacks aimed at South Korea and Japan is inflated with junk data in an effort to avoid detection. While the technique is not exactly new, researchers at Kaspersky Lab believe this particular malware is noteworthy. The security firm came across…