web analytics

VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

Security researchers using the service found a bunch of flaws   By John Leyden 23 Aug 2017   Messaging provider Fuze has resolved a trio of vulnerabilities in its TPN Handset Portal.   The access controls and authentication flaws, discovered by security tools firm Rapid7, created a means for hackers to obtain personal data about… Continue reading VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

Business Email Compromise Campaign Harvesting Credentials in Numerous Industries

August 23rd, 2017  by Michael Mimoso     A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links redirecting victims to sites designed to harvest… Continue reading Business Email Compromise Campaign Harvesting Credentials in Numerous Industries

Microsoft Security Update Minor Revisions Issued: August 23, 2017

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256   ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: August 23, 2017 ********************************************************************   Summary =======   The following CVEs and Microsoft security bulletin have undergone a minor revision increment   * CVE-2016-7292 * CVE-2017-0167 * MS16-149   Revision Information: =====================   CVE-2016-7292    – Title: CVE-2016-7292 | Windows… Continue reading Microsoft Security Update Minor Revisions Issued: August 23, 2017

Ukrainian Security Firm Warns of Another Massive Global Cyberattack

Malware could attempt to take down networks on August 24     Aug 23, 2017 07:58 GMT  ·  By Bogdan Popa   A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when… Continue reading Ukrainian Security Firm Warns of Another Massive Global Cyberattack

Automated Logic Patches Flaws in Building Automation System

By Eduard Kovacs on August 23, 2017   Kennesaw, Georgia-based building automation systems provider Automated Logic has released updates for its WebCTRL product to address several vulnerabilities, including one rated high severity.   WebCTRL is a building automation system used worldwide in commercial office buildings, mission-critical facilities, educational institutions, healthcare organizations, hotels, and government facilities.… Continue reading Automated Logic Patches Flaws in Building Automation System

Spyware backdoor prompts Google to pull 500 apps with >100m downloads

Google killed secret plugin download capability after being alerted by researchers.     Dan Goodin – 8/22/2017   At least 500 apps collectively downloaded more than 100 million times from Google’s official Play Market contained a secret backdoor that allowed developers to install a range of spyware at any time, researchers said Monday.   The… Continue reading Spyware backdoor prompts Google to pull 500 apps with >100m downloads

Sysadmins told to update their software or risk killing the internet

The DNS signing keys are changing for the first time By Kieren McCarthy in San Francisco 22 Aug 2017     The world’s internet providers and sysadmins need to make sure they are running up-to-date software or they risk cutting their customers off from the internet in October, DNS overseer ICANN has warned.   Following… Continue reading Sysadmins told to update their software or risk killing the internet

Ropemaker Allows Attackers to Change the Content of an Email—After It’s Delivered

22nd August 2017  by Tara Seals   A new email exploit, dubbed Ropemaker, allows a malicious actor to edit the content in an email—after it’s been delivered to the recipient and made it through the necessary filters.   For instance, an attacker could swap a benign URL with a malicious one in an email already… Continue reading Ropemaker Allows Attackers to Change the Content of an Email—After It’s Delivered

Neptune Exploit Kit Used to Deliver Monero Miner

By Eduard Kovacs on August 22, 2017   Cybercriminals have been using the Neptune exploit kit to deliver cryptocurrency miners via malvertising campaigns, FireEye reported on Tuesday.   Neptune, whose arrival was detailed by researchers in January, is also known as Terror, Blaze and Eris. It was initially considered a variant of the Sundown exploit… Continue reading Neptune Exploit Kit Used to Deliver Monero Miner

DDoS Threat Increases While Mirai Becomes ‘Pay-for-Play’

By Kevin Townsend on August 22, 2017   The DDoS threat is increasing again. Pbot can generate 75 Gbps from just 400 nodes and Mirai has been commoditized. However, despite the growing number of attacks, the overall trend seems to be for more frequent, smaller attacks. These are the primary takeaways from a new Q2… Continue reading DDoS Threat Increases While Mirai Becomes ‘Pay-for-Play’