File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code
Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to upload a malicious script and potentially get remote code execution. [...]
https://www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/
Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to upload a malicious script and potentially get remote code execution. [...]
https://www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/
BleepingComputer
File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code
Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to upload a malicious script and potentially get remote codeβ¦
A Look at 3 Illicit Mining Groups Who Target Enterprise Services
New research explores the similarities of three illicit mining cybercrime groups that are known to compromise enterprise services in order to install miners. Combined, these three groups have generated approximately 1,200 Monero coins, [...]
https://www.bleepingcomputer.com/news/security/a-look-at-3-illicit-mining-groups-who-target-enterprise-services/
New research explores the similarities of three illicit mining cybercrime groups that are known to compromise enterprise services in order to install miners. Combined, these three groups have generated approximately 1,200 Monero coins, [...]
https://www.bleepingcomputer.com/news/security/a-look-at-3-illicit-mining-groups-who-target-enterprise-services/
BleepingComputer
A Look at 3 Illicit Mining Groups Who Target Enterprise Services
New research explores the similarities of three illicit mining cybercrime groups that are known to compromise enterprise services in order to install miners. Combined, these three groups have generated approximately 1,200 Monero coins,
Widespread Apple ID Phishing Attack Pretends to be App Store Receipts
A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. Once a user clicks the link, down the rabbit hole they go. [...]
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts/
A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. Once a user clicks the link, down the rabbit hole they go. [...]
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts/
BleepingComputer
Widespread Apple ID Phishing Attack Pretends to be App Store Receipts
A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. Once a user clicks the link, down the rabbit hole they go.
ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore
Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code. [...]
https://www.bleepingcomputer.com/news/security/asus-gigabyte-drivers-contain-code-execution-vulnerabilities-pocs-galore/
Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code. [...]
https://www.bleepingcomputer.com/news/security/asus-gigabyte-drivers-contain-code-execution-vulnerabilities-pocs-galore/
BleepingComputer
ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore
Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
Remote Firmware Attack Renders Servers Unbootable
Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware. [...]
https://www.bleepingcomputer.com/news/security/remote-firmware-attack-renders-servers-unbootable/
Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware. [...]
https://www.bleepingcomputer.com/news/security/remote-firmware-attack-renders-servers-unbootable/
BleepingComputer
Remote Firmware Attack Renders Servers Unbootable
Security researchers have found a way to corrupt the firmware of a critical component usually found in servers to turn the systems into an unbootable hardware assembly. The recovery procedure requires physical intervention to replace the malicious firmware.
Social Security Numbers of NASA Employees May Be in Hackersβ Hands
A possible compromise of servers where NASA stored data on current and former employees may have given hackers access to social security numbers (SSN) and personally identifiable information (PII). [...]
https://www.bleepingcomputer.com/news/security/social-security-numbers-of-nasa-employees-may-be-in-hackers-hands/
A possible compromise of servers where NASA stored data on current and former employees may have given hackers access to social security numbers (SSN) and personally identifiable information (PII). [...]
https://www.bleepingcomputer.com/news/security/social-security-numbers-of-nasa-employees-may-be-in-hackers-hands/
BleepingComputer
Social Security Numbers of NASA Employees May Be in Hackersβ Hands
A possible compromise of servers where NASA stored data on current and former employees may have given hackers access to social security numbers (SSN) and personally identifiable information (PII).
Microsoft's Windows Sandbox Runs Programs in an Isolated Desktop
Microsoft is introducing a new feature called Windows Sandbox that will allow you to safely run executables in a throw-away virtualized sandbox without fear of your regular Windows install becoming infected. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-windows-sandbox-runs-programs-in-an-isolated-desktop/
Microsoft is introducing a new feature called Windows Sandbox that will allow you to safely run executables in a throw-away virtualized sandbox without fear of your regular Windows install becoming infected. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-windows-sandbox-runs-programs-in-an-isolated-desktop/
BleepingComputer
Microsoft's Windows Sandbox Runs Programs in an Isolated Desktop
Microsoft is introducing a new feature called Windows Sandbox that will allow you to safely run executables in a throw-away virtualized sandbox without fear of your regular Windows install becoming infected.
Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day
Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in targeted attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-releases-out-of-band-security-update-for-internet-explorer-rce-zero-day/
Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in targeted attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-releases-out-of-band-security-update-for-internet-explorer-rce-zero-day/
BleepingComputer
Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day
Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability beingβ¦
Windows 10 Insider Build 18305 Released with Tons of New Features
Microsoft has released Windows 10 Insider Preview Build 18305 (19H1) to insiders in the Fast ring. This is going to be the last Windows Insider build released in 2018 and it comes with a ton of new features such as the Windows Sandbox, new Windows Defender settings, streamlined menus and interfaces, Friendly Dates, and more. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18305-released-with-tons-of-new-features/
Microsoft has released Windows 10 Insider Preview Build 18305 (19H1) to insiders in the Fast ring. This is going to be the last Windows Insider build released in 2018 and it comes with a ton of new features such as the Windows Sandbox, new Windows Defender settings, streamlined menus and interfaces, Friendly Dates, and more. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18305-released-with-tons-of-new-features/
BleepingComputer
Windows 10 Insider Build 18305 Released with Tons of New Features
Microsoft has released Windows 10 Insider Preview Build 18305 (19H1) to insiders in the Fast ring. This is going to be the last Windows Insider build released in 2018 and it comes with a ton of new features such as the Windows Sandbox, new Windows Defenderβ¦
Keybase Pays $5,000 Bounties for Privilege Escalation Bugs in Linux and macOS Apps
Keybase received two separate reports for security issues in its app for Linux and macOS that led to privilege escalation on the system. For each of them, the developer paid a bounty of $5,000. [...]
https://www.bleepingcomputer.com/news/security/keybase-pays-5-000-bounties-for-privilege-escalation-bugs-in-linux-and-macos-apps/
Keybase received two separate reports for security issues in its app for Linux and macOS that led to privilege escalation on the system. For each of them, the developer paid a bounty of $5,000. [...]
https://www.bleepingcomputer.com/news/security/keybase-pays-5-000-bounties-for-privilege-escalation-bugs-in-linux-and-macos-apps/
BleepingComputer
Keybase Pays $5,000 Bounties for Privilege Escalation Bugs in Linux and macOS Apps
Keybase received two separate reports for security issues in its app for Linux and macOS that led to privilege escalation on the system. For each of them, the developer paid a bounty of $5,000.
BleepingComputer.com is now a partner with No More Ransom!
BleepingComputer is humbled and honored to announce that we have joined NoMoreRansom.org as an associate partner! We have been providing ransomware information, support, and the amazing decryptors from Michael Gillespie since the beginning and this partnership will enable more victims to receive the help they need. [...]
https://www.bleepingcomputer.com/news/security/bleepingcomputercom-is-now-a-partner-with-no-more-ransom/
BleepingComputer is humbled and honored to announce that we have joined NoMoreRansom.org as an associate partner! We have been providing ransomware information, support, and the amazing decryptors from Michael Gillespie since the beginning and this partnership will enable more victims to receive the help they need. [...]
https://www.bleepingcomputer.com/news/security/bleepingcomputercom-is-now-a-partner-with-no-more-ransom/
BleepingComputer
BleepingComputer.com is now a partner with No More Ransom!
BleepingComputer is humbled and honored to announce that we have joined NoMoreRansom.org as an associate partner! We have been providing ransomware information, support, and the amazing decryptors from Michael Gillespie since the beginning and this partnershipβ¦
Windows Zero-Day PoC Lets You Read Any File with System Level Access
For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations. [...]
https://www.bleepingcomputer.com/news/security/windows-zero-day-poc-lets-you-read-any-file-with-system-level-access/
For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations. [...]
https://www.bleepingcomputer.com/news/security/windows-zero-day-poc-lets-you-read-any-file-with-system-level-access/
BleepingComputer
Windows Zero-Day PoC Lets You Read Any File with System Level Access
For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations.
Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers
Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. [...]
https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/
Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts. [...]
https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/
BleepingComputer
Fake Amazon Order Confirmations Push Banking Trojans on Holiday Shoppers
Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts.
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
A well-known hacking group linked with China's intelligence and security agency has been pilfering secrets for over a decade from organizations in at least 12 countries, from a diverse range of industries. [...]
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
A well-known hacking group linked with China's intelligence and security agency has been pilfering secrets for over a decade from organizations in at least 12 countries, from a diverse range of industries. [...]
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
BleepingComputer
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
A well-known hacking group linked with China's intelligence and security agency has been pilfering secrets for over a decade from organizations in at least 12 countries, from a diverse range of industries.
How to Decrypt the Stupid Ransomware Family with StupidDecrypter
Stupid Ransomware is a family of ransomware infections that are typically utilized by less skilled developers and many utilize themes based on movies, pop-culture, or pretend to be law enforcement. This family of ransomware infections are created using an open source project that was posted to GitHub. [...]
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-stupid-ransomware-family-with-stupiddecrypter/
Stupid Ransomware is a family of ransomware infections that are typically utilized by less skilled developers and many utilize themes based on movies, pop-culture, or pretend to be law enforcement. This family of ransomware infections are created using an open source project that was posted to GitHub. [...]
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-stupid-ransomware-family-with-stupiddecrypter/
The Week in Ransomware - December 21st 2018 - No More Ransomware
Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-21st-2018-no-more-ransomware/
Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-21st-2018-no-more-ransomware/
BleepingComputer
The Week in Ransomware - December 21st 2018 - No More Ransomware
Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware.
The Clickjacking Bug that Facebook Won't Fix
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company's bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it does not change the state of the account. [...]
https://www.bleepingcomputer.com/news/security/the-clickjacking-bug-that-facebook-wont-fix/
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company's bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it does not change the state of the account. [...]
https://www.bleepingcomputer.com/news/security/the-clickjacking-bug-that-facebook-wont-fix/
BleepingComputer
The Clickjacking Bug that Facebook Won't Fix
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company's bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it doesβ¦
Info on Over 500,000 Students and Staff Exposed in San Diego School District Hack
Personal information belonging to over half a million students going back the 2008-2009 school year, parents, and staff members of San Diego Unified School District (SDUSD) may have been compromised in a data breach incident. [...]
https://www.bleepingcomputer.com/news/security/info-on-over-500-000-students-and-staff-exposed-in-san-diego-school-district-hack/
Personal information belonging to over half a million students going back the 2008-2009 school year, parents, and staff members of San Diego Unified School District (SDUSD) may have been compromised in a data breach incident. [...]
https://www.bleepingcomputer.com/news/security/info-on-over-500-000-students-and-staff-exposed-in-san-diego-school-district-hack/
BleepingComputer
Info on Over 500,000 Students and Staff Exposed in San Diego School District Hack
Personal information belonging to over half a million students going back the 2008-2009 school year, parents, and staff members of San Diego Unified School District (SDUSD) may have been compromised in a data breach incident.
New Tech Support Scam Causes Chrome Browser to Use 100% of the CPU
A new tech support scam has been discovered that uses JavaScript to create a loop that ultimately causes Google Chrome to use up all of the CPU resources on the computer and freeze the browser. [...]
https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/
A new tech support scam has been discovered that uses JavaScript to create a loop that ultimately causes Google Chrome to use up all of the CPU resources on the computer and freeze the browser. [...]
https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/
BleepingComputer
New Tech Support Scam Causes Chrome Browser to Use 100% of the CPU
A new tech support scam has been discovered that uses JavaScript to create a loop that ultimately causes Google Chrome to use up all of the CPU resources on the computer and freeze the browser.
Hacking Christmas Lights For Fun and Mischief
Researchers playing with Twinkly IoT lights found security weaknesses that allowed them to display custom lighting effects and to remotely turn off their Christmas brilliance. They estimate that about 20,000 devices are reachable over the internet. [...]
https://www.bleepingcomputer.com/news/security/hacking-christmas-lights-for-fun-and-mischief/
Researchers playing with Twinkly IoT lights found security weaknesses that allowed them to display custom lighting effects and to remotely turn off their Christmas brilliance. They estimate that about 20,000 devices are reachable over the internet. [...]
https://www.bleepingcomputer.com/news/security/hacking-christmas-lights-for-fun-and-mischief/
BleepingComputer
Hacking Christmas Lights For Fun and Mischief
Researchers playing with Twinkly IoT lights found security weaknesses that allowed them to display custom lighting effects and to remotely turn off their Christmas brilliance. They estimate that about 20,000 devices are reachable over the internet.
Orange LiveBox Modems Targeted for SSID and WiFi Info
A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. [...]
https://www.bleepingcomputer.com/news/security/orange-livebox-modems-targeted-for-ssid-and-wifi-info/
A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. [...]
https://www.bleepingcomputer.com/news/security/orange-livebox-modems-targeted-for-ssid-and-wifi-info/
BleepingComputer
Orange LiveBox Modems Targeted for SSID and WiFi Info
A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet.