Hack the Air Force 3.0 – The US DoD announced that more than 30 white hat hackers earned $130,000 for more than 120 vulnerabilities. The U.S. Defense Department, along with bug bounty platform HackerOne, presented the results of the third bug bounty program Hack the Air Force. The program started on October 19 and lasted […]
Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability.H The security researcher SandboxEscaper is back and for the third time in a few months, released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows OS. Since August, SandboxEscaper has publicly dropped exploits for two Windows zero-day vulnerabilities forcing […]
Microsoft has issued an out-of-band security update to fix a critical zero-day flaw in the Internet Explorer (IE) browser. Microsoft has rolled out an out-of-band security update to address a critical zero-day vulnerability affecting the Internet Explorer (IE) browser. According to the tech giant, attackers already exploited in the wild the vulnerability tracked as CVE-2018-8653. The zero-day […]
Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language. The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of […]
U.S. National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information. According to the data breach notification, hackers have breached at least one of the agencyâs servers, the security breach impacted both past and present employees. Website SpaceRef published a data breach notification note sent by the NASA […]
Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state actors. The flaw affected […]
Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues. Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as âcritical.â The list of vulnerabilities includes DoS, privilege escalation and code execution flaws. Security experts at Kaspersky Lab discovered that SINUMERIK 808D, 828D and 840D controllers are […]
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate cybersecurity for the protection of the United States’ ballistic missile defense systems […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! STOLEN PENCIL campaign, hackers target academic institutions. WordPress […]
Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol. The expert discovered that some permissions such as that to access direct messages, remained […]