An Italian cybersecurity passionate discovered that it was possible to recover the expired messages from Signal version 1.14.3, Advisory ID: n0sign4l-002 Risk level: 4 / 5 Title: Signal Desktop – Recover Expired Messages Credit: Leonardo Porpora – ân0sign4lâ Product: Signal CVE: CVE-2018-14023 Version: 1.14.3 and prior Public Disclosure:  17/08/2018 Vendor: Open Whisper System Details Signal version […]
The security researcher Sam Thomas from Secarma, has discovered a new attack technique that leverages critical deserialization vulnerabilities in PHP programming language. The flaws potentially expose web applications written in the popular language to cyber attacks, including websites running CMSs like WordPress and Typo3. The expert discovered that an attacker can use low-risk functions against Phar archives to trigger […]
Linux kernel maintainers have rolled out security updates for two DoS vulnerabilities tracked as SegmentSmack and FragmentSmack. Linux kernel maintainers have released security patches that address two vulnerabilities, tracked as two bugs are known as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391). potentially exploitable to trigger a DoS condition. The vulnerabilities reside the Linux kernel’s TCP stack, an attacker can […]
Cosmos Bank, one of the largest Indian cooperative banks, confirmed it was the victim of a cyberheist, over the weekend hackers stole over 940 million rupees ($13.5 million) in three days. Hackers stole over 940 million rupees ($13.5 million) in three days from the Indian cooperative Cosmos bank. The Cosmos bank publicly disclosed the attacks in a […]
Cyber Defense Magazine August 2018 Edition has arrived. Sponsored by: Bosch We hope you enjoy this month’s edition…packed with 130+ pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here.  Please tell your friends to FLIPBOOK http://www.cyberdefensemagazine.com/newsletters/august-2018/index.html PDF http://www.cyberdefensemagazine.com/newsletters/august-2018/CDM-CYBER-DEFENSE-eMAGAZINE-August-2018.pdf MOBILE http://www.cyberdefensemagazine.com/newsletters/august-2018/mobile/index.html Our Global […]
SAP released security notes for August 2018 that address dozens patches, the good news is that there aren’t critical vulnerabilities. SAP issues 27 Security Notes, including 14 Patch Day Notes and 13 Support Package Notes. Seven notes are related to previously published patches. “On 14th of August 2018, SAP Security Patch Day saw the release of 12 Security Notes. […]
Piping botnet – Israeli researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water […]
Security experts from the cloud security firm Avanan have discovered a new technique dubbed PhishPoint, that was used by hackers to bypass Microsoft Office 365 protections. PhishPoint is a new SharePoint phishing attack that affected an estimated 10% of Office 365 users over the last 2 weeks. The experts are warning of the new technique […]
Hundreds of Instagram accounts were hijacked in what appears to be the result of a coordinated attack, all the accounts share common signs of compromise. Alleged attackers have hijacked Instagram accounts and modified personal information making impossible to restore the accounts. The number of Instagram accounts that was hacked has increased since the beginning of […]
Foreshadow Attacks – Security researchers disclosed the details of three new speculative execution side-channel attacks that affect Intel processors. The new flaws, dubbed Foreshadow and L1 Terminal Fault (L1TF), were discovered by two independent research teams. An attacker could exploit the Foreshadow vulnerabilities attacks to gain access to the sensitive data stored in a computer’s memory or third-party clouds. […]