Schneider Electric has patched last week four flaws affecting the U.motion Builder software, including two critical command execution vulnerabilities. Schneider Electric U.motion Builder is a tool designed for creating projects for U.motion devices that are used in critical manufacturing, energy, and commercial facilities industries. “This exploit occurs when the submitted data of an input string is evaluated […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · Crooks used a KilllDisk wiper in an […]
This week, security experts observed a surge in port 8000 scan activity, researchers at Qihoo 360 Netlab determined that the unusual activity was associated with Satori IoT botnet. Experts from Qihoo 360 Netlab discovered that the author of the Satori botnet have integrated a the proof-of-concept (PoC) code for the XionMai web server software package after it was […]
Researchers uncovered a new malware campaign spreading a clipboard hijacker dubbed ClipboardWalletHijacker that has already infected over 300,000 computers. Security researchers from Qihoo 360 Total Security have spotted a new malware campaign spreading a clipboard hijacker, tracked as ClipboardWalletHijacker, that has already infected over 300,000 computers. Most of the victims are located in Asia, mainly China. “Recently, […]
The Europol announced that several French nationals were arrested in the past year on suspicion of being involved with notorious Rex Mundi crime gang. Another success of the Europol made the headlines, the European police announced that several French nationals were arrested in the past year on suspicion of being involved with notorious hacker group […]
The GitHub account of the Syscoin cryptocurrency was compromised by hackers that replaced the official Syscoin Windows client with a tainted version. The Syscoin clients allow users to mine Syscoin cryptocurrency or manage Syscoin funds. The other versions in the v3.0.4.1 release were not replaced, this means that Mac and Linux clients were not replaced by the hackers. The […]
Researchers observed a spike in the number of cyber-attacks targeting Singapore during the Trump-Kim Summit, from June 11 to June 12. Researchers at F5 Labs have observed a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un in […]
A new vulnerability involving side channel speculative execution on Intel chips, known as LazyFP, has been announced and assigned CVE-2018-3665. A new vulnerability tracked as LazyFP (CVE-2018-3665) involving side channel speculative execution affects Intel CPUs, like previous ones it could be exploited by hackers to access sensitive information from the affected system. The vulnerability was discovered […]
GnuPG 2.2.8 released earlier this month addresses the CVE-2018-12020 vulnerability, dubbed SigSpoof, affecting GnuPG, Enigmail, GPGTools, and python-gnupg. GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications. GnuPG version 2.2.8 released earlier this month addresses the CVE-2018-12020 vulnerability, dubbed SigSpoof, affecting GnuPG, […]
76. Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab Bad news for Kaspersky, European Parliament passed a resolution […]