Archive
Waterbug APT hackers used hijacked infrastructure to attack governments and international organizations through various campaigns using new and publicly available malware. The group also uses living-off-the-land techniques to execute processes on the systems. Symantec observed the targeted attack
US CERT Warns of DHS Phishing Scam
An email phishing scam tries to dupe its victims by appearing to be from the Department of Homeland Security (DHS). According to a June 18 US CERT alert, the email lures users into downloading malware through a malicious attachment. “The
High-Risk Vulnerabilities in iOS, Android Apps
The vast majority of mobile apps store data insecurely, according to Positive Technologies researchers who discovered high-risk security vulnerabilities in 38% of iOS apps and 43% of Android apps. “But this difference is not significant, and the overall security level
California Suffered Highest Number of Breaches
Over the past decade, California has had the highest number of data breaches and the greatest number of records exposed, according to new research from Comparitech. In the new report, Protected: Which States Have the Most Data Breaches?, researchers analyzed
OWASP Top 10 Proactive Security Controls For Software Developers to Build Secure Software
Proactive Controls for software developers describe the more critical areas that software developers must focus on to develop a secure application. The OWASP Top 10 Proactive Controls 2018 contains a list of security techniques that every developer should consider for every
Samba released security updates for a couple of vulnerabilities that could cause a denial of service in dnsserver and an LDAP server crash. Denial of Service in DNS Server: The vulnerability allows an authenticated user to crash the RPC server via a
Florida City Pays $600K to Ransomware Authors
A Florida city has agreed to pay cyber-criminals $600,000 to regain access to computer systems encrypted with ransomware, highlighting the continued threat to organizations from extortion-based attacks. The Riviera Beach City Council voted unanimously to pay off the hackers, after
UK Identity Fraud Jumps 8% to New All-Time High
Identity fraud rose by 8% in the UK last year to hit an all-time high, with both the very young and old experiencing the biggest increases, according to Cifas. The anti-fraud non-profit’s latest Fraudscape report for 2018 was compiled as
Organizations are struggling to gain real-time visibility into their security technologies and suffering from an excessive number of tools running across the enterprise, according to new research from Panaseer. The security monitoring firm polled 200 enterprise CISOs to better understand
According to security researchers at Trend Micro, a cyberespionage campaign is targeting Android users in Middle Eastern countries. Security researchers at Trend Micro have spotted a cyberespionage campaign, dubbed ‘Bouncing Golf’, that is targeting Android users in Middle Eastern countries.
WINSpect is a PowerShell-based Windows auditing tool that enumerates and identifies security weaknesses in the Windows platform; the results of this audit can be useful for further hardening. Download the WINSpect Tool Here. Installation: Open PowerShell with admin privileges
Oracle Patched Another Zero-Day Vulnerability that Can be Exploited Without Authentication
Oracle released an emergency security update for another critical remote code execution vulnerability that can be exploited by a remote attacker to gain control over the system. The vulnerability is tracked as CVE-2019-2729 and has a CVSS Base Score
SACK Panic Vulnerability in Linux
Researchers at Netflix have discovered new denial-of-service (DoS) vulnerabilities in Linux and FreeBSD kernels, including a severe vulnerability called SACK Panic that could allow malicious actors to remotely crash servers and disrupt communications, according to an advisory published at its
Security Should Be Business Focused, Says ISF
A security assurance program that focuses on business needs can help organizations meet the needs of business stakeholders, according to a new report released by Information Security Forum (ISF). The report, Establishing a Business-Focused Security Assurance Program, offers organizations ways
Most global organizations benefit from better security in the cloud than on-premise, with some key exceptions, including data loss prevention and configuration settings, according to McAfee. The security giant polled 1000 enterprises around the world and combined its findings with
EatStreet, the online food ordering service, disclosed a security breach that exposed customer payment card data and details of partners. EatStreet, an online and mobile food ordering service, disclosed a security breach that exposed customer payment card data and details