A security researcher has found a serious vulnerability in a building automation product from Sauter AG that could be exploited to steal files from an affected system. Sauter AG CASE Suit is a building automation product used worldwide that is affected by a high severity XML external entity (XXE) vulnerability that could be exploited to steal files from an affected […]
USB removable storage devices are the main vector for malware attacks against industrial facilities, states Honeywell report. According to a report published on by Honeywell, malware-based attacks against industrial facilities mostly leverage USB removable storage devices Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX), a product it has launched in 2017 and that was designed […]
PortSmash side-channel flaw that could be exploited with a timing attack to steal information from other processes running in the same CPU core. PortSmash is a new side-channel vulnerability that could be exploited with a timing attack to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. A group of […]
The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web. Researchers from Recorded Future’s Insikt Group and McAfee’s Advanced Threat Research team have discovered a new version of the malware that is offered through a RaaS distribution program on the Dark Web. […]
A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France. The hacker stole more than 65 gigabytes of documents back in June, the huge trove of documents includes nuclear power plant plants and blueprints for prisons and tram networks. According to the media, some […]
Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition […]
Austal, a top Australia defence firm reports also working with the United States Navy has suffered a serious security breach. Austal, a top Australia defence firm reports working with the US Navy has suffered a serious security breach, hackers accessed to personnel files and that it was the subject of an extortion attempt. Austal reported the data breach to the Australian Securities […]
According to the New York Times, FIFA has suffered the second hack in a year, new documents are set to be published on Friday by Football Leaks. The Fédération Internationale de Football Association, aka FIFA, is a governing body of association football, futsal, and beach soccer. FIFA reveals it was the victim of a new successful phishing campaign that resulted in the exposed […]
Two vulnerabilities in new Bluetooth chip, dubbed BLEEDINGBIT expose millions of access points and other networking devices to remote attacks. Security experts from the IoT security firm Armis, the same that found the BlueBorne Bluetooth flaws, have discovered two serious vulnerabilities in BLE chips designed by Texas Instruments. The flaws, dubbed BLEEDINGBIT by Armis, could be exploited by a remote and […]
Security experts from Cisco Talos have uncovered two recent sextortion scam campaigns that appear to leverage on the Necurs botnet infrastructure. Experts from Cisco Talos analyzed the two campaigns, one of them began on August 30, the other on October 5, the researchers named them ‘Aaron Smith’ sextortion scams after the ‘From: header’ of the messages. […]