Cyber criminal organizations and state-sponsored hackers continue to use Exploit kits to compromise targets world worldwide if the use of Exploit kits is decreased across the recent months, some of them were improved by adding the code to exploit recently discovered Flash and Internet Explorer zero-day vulnerabilities. “Since both Flash and the VBScript engine are […]
A China-linked APT group, LuckyMouse, Emissary Panda, APT27 and Threat Group 3390, has targeted a national data center in Central Asia. The APT group has been active since at least 2010, the crew targeted U.S. defense contractors and financial services firms worldwide. In March 2018, security experts at Kaspersky Lab have observed an attack powered by the […]
June 12, 2018 – Cyber Defense eMagazine is arrived – OVER SIX THOUSAND PAGES – SIX YEARS – #1 GLOBAL SOURCE FOR CYBER DEFENSE Cyber Defense eMagazine June 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with over 150 pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online […]
A security researcher from Vertek Corporation reported to Bleeping Computer that over 43 million email addresses have been leaked from the command and control server of a spam botnet. An expert from Vertek Corporation spotted the C&C server while investigating a recent malware campaign distributing a version of the Trik trojan. The malicious code was used as a first-stage malware […]
Retailer Dixons Carphone has disclosed a security breach that involved 5.9 million payment cards and 1.2 million personal data records. Dixons Carphone discovered an “unauthorised access” to certain data held by the company, it promptly launched an investigation and hired an external firm to shed the light on the case. The company immediately reported the […]
Fortinet discovered PyRoMineIoT, a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance exploit to spread. PyRoMineIoT is a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance remote code execution exploit to spread, the malware also abuses infected machines to scan for vulnerable Internet of Things (IoT) devices. PyRoMineIoT is quite similar to another crypto-currency miner dubbed PyRoMine that was […]
Microsoft issued Patch Tuesday updates for June 2018 that address a total of 50 vulnerabilities, 11 of which are critical remote code execution flaws. Microsoft issued Patch Tuesday updates for June 2018 that address a total of 50 flaws, 11 critical remote code execution vulnerabilities and 39 issues rated as important. The tech giant also issued some mitigations […]
North Korea-linked Lazarus APT group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security. According to researchers at AlienVault, North Korea-linked hackers planted an ActiveX zero-day vulnerability on the website of a South Korean think tank focused on national security. The experts attributed the attack to the notorious Lazarus APT group […]
VMware has found a critical remote code execution vulnerability in the AirWatch Agent applications for Android and Windows Mobile. The agent is installed by users on a mobile device in order to allow the AirWatch to manage it. The flaw, tracked as CVE-2018-6968, âmay allow for unauthorized creation and execution of files in the Agent sandbox […]
US authorities announced the arrest of 74 individuals as part of an international law enforcement operation dubbed ‘operation WireWire’ targeting BEC scams. On Monday, the U.S. authorities announced the arrest of 74 individuals as part of an international law enforcement operation dubbed ‘operation WireWire’ targeting business email compromise (BEC) scams. The authorities conducted the investigation for over […]