Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution

Kapersky Labs - Mon, 28/01/2019 - 16:04
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.
Categories: News

WordPress Users Urged to Delete Zero-Day-Ridden Plugin

Kapersky Labs - Mon, 28/01/2019 - 14:39
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
Categories: News

Q. What connects the global financial crisis, Ursnif malware, and Coldplay's Viva la Vida?

The Register - Mon, 28/01/2019 - 07:03
A. Bad things from 2008 we can't seem to shake

A piece of banking malware that first debuted more than a decade ago is once again wrecking havoc.…

Categories: News

Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed...

The Register - Sat, 26/01/2019 - 11:04
...PHP's PEAR sabotaged for months, and more from the world of infosec

Roundup  This week we saw Hadoop hacks, Exchange exploits, and Deadpool besting scammers.…

Categories: News

LabKey Vulnerabilities Threaten Medical Research Data

Kapersky Labs - Fri, 25/01/2019 - 22:16
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
Categories: News

Whats(goes)App must come down... World in shock as Zuck decides to intertwine Facebook, Instagram, WhatsApp

The Register - Fri, 25/01/2019 - 21:53
Takeover leads to consolidation? Unfathomable (adjusted for sarcasm)

Analysis  In an unprecedented decision that has left tech observers struggling to contain their shock, Facebook has decided to create a common software architecture for its three main apps: Facebook Messenger, Instagram, and WhatsApp.…

Categories: News

Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...

The Register - Fri, 25/01/2019 - 21:26
Theme park's attempt to shoot down lawsuit snubbed by top judges

Analysis  The Illinois Supreme Court on Friday ruled a family's lawsuit that claims downmarket-Disneyland Six Flags broke the US state's Biometric Privacy Act can proceed.…

Categories: News

Threatpost News Wrap Podcast For Jan. 25

Kapersky Labs - Fri, 25/01/2019 - 19:21
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
Categories: News

Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch

Kapersky Labs - Fri, 25/01/2019 - 18:43
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.
Categories: News

Razy Malware Attacks Browser Extensions to Steal Cryptocurrency

Kapersky Labs - Fri, 25/01/2019 - 16:44
The malware targets victims in multiple, sneaky ways as they move around the web.
Categories: News

UK-EU infosec data sharing may not be KO'd by Brexit, reckons ENISA bod

The Register - Fri, 25/01/2019 - 14:52
Ops director talks to El Reg about continential cybersecurity contrivances

Interview  A senior EU cybersecurity official has said he is “optimistic” about information sharing between the UK and the political bloc continuing after Brexit.…

Categories: News

Just keep slurping: HMRC adds two million taxpayers' voices to biometric database

The Register - Fri, 25/01/2019 - 13:45
But thousands opting out in 'backlash', says privacy group

HMRC's database of Brits' voiceprints has grown by 2 million since June – but campaign group Big Brother Watch has claimed success as 160,000 people turned the taxman's requests down.…

Categories: News

Data hackers are like toilet ninjas. This is not a clean crime, you know

The Register - Fri, 25/01/2019 - 09:15
Think of the ones you leave behind

Something for the Weekend, Sir?  This place is a mess. No, worse than that: it's a disaster area.…

Categories: News

You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit

The Register - Fri, 25/01/2019 - 00:31
Easily swapped hashed passwords gives Domain Admin rights via API call. Fix may land next month

Microsoft Exchange appears to be currently vulnerable to a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.…

Categories: News

A picture tells a 1,000 words. Pixels pwn up to 5 million nerds: Crims use steganography to stash bad code in ads

The Register - Thu, 24/01/2019 - 23:56
Apple fans lured into installing malware via crafty JavaScript

A strain of malware has been clocked using steganography to run malicious JavaScript on Macs via images in online banner ads, it was claimed this week.…

Categories: News

Fighting Fire with Fire: API Automation Risks

Kapersky Labs - Thu, 24/01/2019 - 22:03
A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.
Categories: News

SD-WAN admin? Your number came up in Cisco's latest bug list

The Register - Thu, 24/01/2019 - 18:30
Webex, security, IoT systems also need patches

Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product.…

Categories: News

ThreatList: Credential-Sniffing Phishing Attacks Erupted in 2018

Kapersky Labs - Thu, 24/01/2019 - 16:41
Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware.
Categories: News

Colour us shocked: Google in €50m GDPR fine appeal bombshell

The Register - Thu, 24/01/2019 - 15:35
Didn't see that coming

Google is to appeal the €50m data protection fine handed down to it by the French data protection agency earlier this week.…

Categories: News

Bit-and-Piece DDoS Method Emerges to Torment ISPs

Kapersky Labs - Thu, 24/01/2019 - 14:11
Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes.
Categories: News


Subscribe to Sec Tec Limited aggregator - News