A new botnet, tracked as Death botnet has appeared in the threat landscape and is gathering unpatched AVTech devices with an old exploit. A new botnet, tracked as ‘Death botnet,’ has appeared in the threat landscape, its author that goes online with the moniker EliteLands is gathering unpatched AVTech devices in the malicious infrastructure. AVTech […]
The Apache Software Foundation has rolled out security updates for the Tomcat application server that address several flaws. The Apache Software Foundation has released security updates for the Tomcat application server that address several vulnerabilities, including issues that trigger a denial-of-service (DoS) condition or can lead to information disclosure. Apache Tomcat is an open-source Java Servlet Container that implements […]
Security researchers have found a high severity flaw (CVE-2018-5383) affecting some Bluetooth implementations that allow attackers to manipulate traffic. Security researchers at the Israel Institute of Technology have found a high severity vulnerability affecting some Bluetooth implementations that could be exploited by an unauthenticated remote attacker in physical proximity of two targeted devices to monitor and manipulate the traffic […]
It is common for developers to use debugging tools with elevated privileges while they are trying to troubleshoot their code. But crooks can abuse them too. In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. […]
The US Government is warning of continuous intrusions in National critical infrastructure and it is blaming the Kremlin for the cyber attacks. According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them. These attacks could have dramatic consequence, an attack against […]
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by targeting the Return Stack Buffer (RSB). “rather than exploiting the […]
Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code on affected devices. The first vulnerability, tracked as CVE-2018-3937, is a […]
Proofpoint uncovered a massive malspam campaign leveraging emails delivering weaponized PDF documents containing malicious SettingContent-ms files. Security experts from Proofpoint have uncovered a massive malspam campaign, crooks sent hundreds of thousands of emails delivering weaponized PDF documents containing malicious SettingContent-ms files. Experts attributed the malspam campaign to the cybercriminal group tracked as TA505, the attackers […]
F5 experts observed a spike in the attacks in the days prior to the Trump-Putin meeting on July 16 that was held in Helsinki, Finland. Important events represent an element of attraction for cyber attacks, in June we discussed the Trump-Kim summit and the way Singapore that held it was hit by an unprecedented number of attacks […]
SingHealth, the largest healthcare group in Singapore, suffered a massive data breach that exposed 1.5 Million patient records. The largest healthcare group in Singapore, SingHealth, has suffered a massive data breach that exposed personal information of 1.5 million patients who visited the clinics of the company between May 2015 and July 2018. Stolen records include […]