Experts from McAfee Labs collected evidence that links DragonFly malware to other hacking campaigns, like BlackEnergy and TeamSpy attacks. On September 6, Symantec published a detailed analysis of the Dragonfly 2.0 campaign that targeted dozens of energy companies this year. Threat actor is the same behind the Dragonfly campaign observed in 2014. Further analysis conducted […]
Experts at NewSky Security scanned the Internet and discovered that “out of 1,475 unique IPs, 1,123 Lexmark printers had no security.” We think of Internet of Things (IoT) as all the “new” devices added to networks like webcams, Internet-connected toys, smarthome devices, etc. But we have been connecting unattended things to networks for a very long […]
Palo Alto Networks released security updates for its PAN-OS security platform that address critical and high severity vulnerabilities Last week, Palo Alto Networks released security updates for its PAN-OS security platform that address critical and high severity vulnerabilities that can be exploited by a remote and unauthenticated for remote code execution and command injection. The critical issue, […]
Two code execution vulnerabilities affecting version 5 of the vBulletin forum software were disclosed by researchers last week. Two code execution vulnerabilities affecting version 5 of the popular vBulletin forum CMS were disclosed by researchers last week via Beyond Securityâs SecuriTeam Secure Disclosure program. vBulletin is currently used by over 100,000 sites, including Fortune 500 […]
Traffic for Google, Apple, Facebook, Microsoft and other tech giants routed through Russia, experts believe it was an intentional BGP Hijacking. Last week a suspicious event routed traffic for major tech companies (i.e. Google, Facebook, Apple, and Microsoft) through a previously unknown Russian Internet provider. The event occurred on Wednesday, researchers who investigated it believe the traffic […]
Security researchers spotted a sophisticated malware campaign, tracked as Zealot campaign targeting Linux and Windows servers to install Monero miners. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as Zealot campaign (after the name zealot.zip, one of the files dropped on targeted servers), targeting Linux and Windows servers to install Monero cryptocurrency miners. The campaign was detected […]
White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing. I was reading Tweets when I noticed the following post: I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with […]
Voter registration data for more than 19 million California residents stored in an unsecured MongoDB instance has been deleted and held for ransom. Voter registration data for more than 19 million California residents that was stored in an unsecured MongoDB database has been deleted and held for ransom by attackers. The incident was discovered by researchers at […]
Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […]
For Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies currently owned by the UK giant NCC Group, disclosed a security breach that affected its infrastructure. According to the firm, on September 19 an unknown attacker carried […]