Author: admin

By Tom Spring April 14, 2017                                        Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are nonexistent. According to security experts, gangs behind them are regrouping, tweaking code and finding fresh software exploits to target.   Here are… Continue reading Exploit Kit Activity Quiets, But Is Far From Silent

April 14, 2017  By Pierluigi Paganini                                           The Linux remote vulnerability tracked as CVE-2016-10229 poses Linux systems at rick of hack if not patched.   A Linux kernel vulnerability, trackers as CVE-2016-10229, potentially allows attackers to remotely take over a vulnerable system (i.e. Servers, desktops, IoT devices and mobile devices).   “udp.c in the Linux kernel before 4.5… Continue reading CVE-2016-10229 Linux remote code execution flaw potentially exposes systems at risk of hack

April 14, 2017  By Pierluigi Paganini   Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2.                                        Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently… Continue reading Cisco warns of two critical issues in IOS and Apache Struts

13th April 2017  by Bill Brenner                                                   Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some fresh examples of this – specifically, anti-emulation Android… Continue reading Android malware creators throw up a roadblock to thwart the good guys

I keep saying it, but why does everything have to be connected these days?   Graham CLULEY 13th April 2017   Imagine you work in marketing for a company that has been manufacturing upmarket cookers for almost 100 years.   How do you make your product capture people’s attention and attract new customers?   Simple… Continue reading Don’t let hackers ruin your roast! Security flaws found in AGA cooker app

By Tom Spring April 13, 2017                                                    A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and… Continue reading ‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable

See Also – Booby-trapped Word documents in the wild exploit critical Microsoft 0day   April 13, 2017  By Pierluigi Paganini   Security researchers at FireEye discovered that the Microsoft Word CVE-2017-0199 exploit was linked to cyberspying in Ukraine conflict.   The zero-day vulnerability in Microsoft Office that was recently fixed by Microsoft was used to deliver a surveillance… Continue reading CVE-2017-0199 Zero Day exploit used to deliver FINSPY spyware

By Eduard Kovacs on April 13, 2017   A piece of malware used in targeted attacks aimed at South Korea and Japan is inflated with junk data in an effort to avoid detection. While the technique is not exactly new, researchers at Kaspersky Lab believe this particular malware is noteworthy. The security firm came across… Continue reading Targeted Malware Inflated With Junk Data to Avoid Detection

A longer read than normal but interesting.   12th April 2017  by Paul Ducklin                                    These days, programmers often work in large, collaborative teams that produce dozens of different deliverables at the same time.   If you’re working on an image editor, for example, some of the components in it might also be… Continue reading Malware, Sir? Jenkins ‘software butler’ tool gets many security fixes

April 12, 2017 by Scott Wilson                                           You have probably heard the term zero-day or zero-hour malware, but what exactly does it mean?   It’s simple: it just means the malware is using a software vulnerability for which there is currently no available defense or fix. The vulnerability allows the… Continue reading What is a Zero-Day?