WordPress REST API Flaw Used to Install Backdoors
Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. [...]
https://www.bleepingcomputer.com/news/security/wordpress-rest-api-flaw-used-to-install-backdoors/
Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor. [...]
https://www.bleepingcomputer.com/news/security/wordpress-rest-api-flaw-used-to-install-backdoors/
BleepingComputer
WordPress REST API Flaw Used to Install Backdoors
Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor.
Chrome's Sandbox Feature Infringes on Three Patents So Google Must Now Pay $20M
After five years of litigation at various levels of the US legal system, today, following the conclusion of a jury trial, Google was ordered to pay $20 million to two developers after a jury ruled that Google had infringed on three patents when it designed some of Chrome's anti-malware features. [...]
https://www.bleepingcomputer.com/news/google/chromes-sandbox-feature-infringes-on-three-patents-so-google-must-now-pay-20m/
After five years of litigation at various levels of the US legal system, today, following the conclusion of a jury trial, Google was ordered to pay $20 million to two developers after a jury ruled that Google had infringed on three patents when it designed some of Chrome's anti-malware features. [...]
https://www.bleepingcomputer.com/news/google/chromes-sandbox-feature-infringes-on-three-patents-so-google-must-now-pay-20m/
BleepingComputer
Chrome's Sandbox Feature Infringes on Three Patents So Google Must Now Pay $20M
After five years of litigation at various levels of the US legal system, today, following the conclusion of a jury trial, Google was ordered to pay $20 million to two developers after a jury ruled that Google had infringed on three patents when it designedβ¦
Hacker Who Blackmailed Dozens of Female Victims Gets 8 Years in Prison
A New Hampshire hacker will spend the next eight years of his life in prison after he hacked into the email and social media accounts of dozens of females, including ten minors, and harassed and extorted victims into sending sexually explicit photos. [...]
https://www.bleepingcomputer.com/news/security/hacker-who-blackmailed-dozens-of-female-victims-gets-8-years-in-prison/
A New Hampshire hacker will spend the next eight years of his life in prison after he hacked into the email and social media accounts of dozens of females, including ten minors, and harassed and extorted victims into sending sexually explicit photos. [...]
https://www.bleepingcomputer.com/news/security/hacker-who-blackmailed-dozens-of-female-victims-gets-8-years-in-prison/
BleepingComputer
Hacker Who Blackmailed Dozens of Female Victims Gets 8 Years in Prison
A New Hampshire hacker will spend the next eight years of his life in prison after he hacked into the email and social media accounts of dozens of females, including ten minors, and harassed and extorted victims into sending sexually explicit photos.
PacketTotal - A Useful Site for Analyzing PCAP Files
If you are InfoSec professional who commonly deals with intrusion detection and response or malware analysis, a new site called PacketTotal may make your life easier. PacketTotal allows you to upload a PCAP, or packet capture, file and have it automatically analyzed and parsed against BRO IDS and Suricata signatures., [...]
https://www.bleepingcomputer.com/news/security/packettotal-a-useful-site-for-analyzing-pcap-files/
If you are InfoSec professional who commonly deals with intrusion detection and response or malware analysis, a new site called PacketTotal may make your life easier. PacketTotal allows you to upload a PCAP, or packet capture, file and have it automatically analyzed and parsed against BRO IDS and Suricata signatures., [...]
https://www.bleepingcomputer.com/news/security/packettotal-a-useful-site-for-analyzing-pcap-files/
BleepingComputer
PacketTotal - A Useful Site for Analyzing PCAP Files
If you are InfoSec professional who commonly deals with intrusion detection and response or malware analysis, a new site called PacketTotal may make your life easier. PacketTotal allows you to upload a PCAP, or packet capture, file and have it automaticallyβ¦
University DDoSed by Its Own IoT Devices
An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report. [...]
https://www.bleepingcomputer.com/news/security/university-ddosed-by-its-own-iot-devices/
An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report. [...]
https://www.bleepingcomputer.com/news/security/university-ddosed-by-its-own-iot-devices/
BleepingComputer
University DDoSed by Its Own IoT Devices
An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report.
Researchers Create PoC Ransomware That Targets ICS/SCADA Systems
Researchers from the Georgia Institute of Technology (GIT) have created a proof-of-concept ransomware strain that can alter programmable logic controller (PLC) parameters. The research team presented their work yesterday, at the RSA cyber-security conference in San Francisco. [...]
https://www.bleepingcomputer.com/news/security/researchers-create-poc-ransomware-that-targets-ics-scada-systems/
Researchers from the Georgia Institute of Technology (GIT) have created a proof-of-concept ransomware strain that can alter programmable logic controller (PLC) parameters. The research team presented their work yesterday, at the RSA cyber-security conference in San Francisco. [...]
https://www.bleepingcomputer.com/news/security/researchers-create-poc-ransomware-that-targets-ics-scada-systems/
BleepingComputer
Researchers Create PoC Ransomware That Targets ICS/SCADA Systems
Researchers from the Georgia Institute of Technology (GIT) have created a proof-of-concept ransomware strain named LogicLocker that can alter programmable logic controller (PLC) parameters. The research team presented their work yesterday, at the RSA cyberβ¦
75% of All Ransomware Developed by Russian-Speaking Criminals
Out of the 62 ransomware families found active in 2016, security firm Kaspersky Lab says that 47 of these strains contained artefacts that allowed attribution to Russian-speaking criminals. [...]
https://www.bleepingcomputer.com/news/security/75-percent-of-all-ransomware-developed-by-russian-speaking-criminals/
Out of the 62 ransomware families found active in 2016, security firm Kaspersky Lab says that 47 of these strains contained artefacts that allowed attribution to Russian-speaking criminals. [...]
https://www.bleepingcomputer.com/news/security/75-percent-of-all-ransomware-developed-by-russian-speaking-criminals/
BleepingComputer
75% of All Ransomware Developed by Russian-Speaking Criminals
Out of the 62 ransomware families found active in 2016, security firm Kaspersky Lab says that 47 of these strains contained artefacts that allowed attribution to Russian-speaking criminals.
Windows 10 Mobile Bug Exposes Personal Photos on Locked Devices
A Brazilian man named Wallace Da Paula has discovered a bug in Windows 10 Mobile OS that lets anyone with access to your phone bypass your lockscreen passcode and access the device's image gallery. [...]
https://www.bleepingcomputer.com/news/mobile/windows-10-mobile-bug-exposes-personal-photos-on-locked-devices/
A Brazilian man named Wallace Da Paula has discovered a bug in Windows 10 Mobile OS that lets anyone with access to your phone bypass your lockscreen passcode and access the device's image gallery. [...]
https://www.bleepingcomputer.com/news/mobile/windows-10-mobile-bug-exposes-personal-photos-on-locked-devices/
BleepingComputer
Windows 10 Mobile Bug Exposes Personal Photos on Locked Devices
A Brazilian man named Wallace Da Paula has discovered a bug in Windows 10 Mobile OS that lets anyone with access to your phone bypass your lockscreen passcode and access the device's image gallery.
Mysterious Girl at the Heart of Cyber-Espionage Campaign
During the past year, social media profiles belonging to a girl named Safeena Malik have been at the heart of a series of phishing attacks that have targeted journalists and activists investigating Qatari migrant worker labor issues. [...]
https://www.bleepingcomputer.com/news/security/mysterious-girl-at-the-heart-of-cyber-espionage-campaign/
During the past year, social media profiles belonging to a girl named Safeena Malik have been at the heart of a series of phishing attacks that have targeted journalists and activists investigating Qatari migrant worker labor issues. [...]
https://www.bleepingcomputer.com/news/security/mysterious-girl-at-the-heart-of-cyber-espionage-campaign/
BleepingComputer
Mysterious Girl at the Heart of Cyber-Espionage Campaign
During the past year, social media profiles belonging to a girl named Safeena Malik have been at the heart of a series of phishing attacks that have targeted journalists and activists investigating Qatari migrant worker labor issues.
Microsoft Delays February 2017 Security Updates Due to "Last Minute Issue"
In a short announcement posted on its blog today, Microsoft announced it was delaying today's Patch Tuesday security updates indefinitely until its engineers address a last minute issue the company expected to cause problems for customers, if deployed today. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-february-2017-security-updates-due-to-last-minute-issue-/
In a short announcement posted on its blog today, Microsoft announced it was delaying today's Patch Tuesday security updates indefinitely until its engineers address a last minute issue the company expected to cause problems for customers, if deployed today. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-delays-february-2017-security-updates-due-to-last-minute-issue-/
BleepingComputer
Microsoft Delays February 2017 Security Updates Due to "Last Minute Issue"
In a short announcement posted on its blog today, Microsoft announced it was delaying today's Patch Tuesday security updates indefinitely until its engineers address a last minute issue the company expected to cause problems for customers, if deployed today.
Adobe fixes 24 Security Vulnerabilities in Adobe Flash, Digital Editions, & Campaign
Adobe has released updates for Adobe Flash Player, Digital Editions, & Campaign that fix a total of 24 security vulnerabilities, with half of them being in Adobe Flash Player. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version. [...]
https://www.bleepingcomputer.com/news/security/adobe-fixes-24-security-vulnerabilities-in-adobe-flash-digital-editions-and-campaign/
Adobe has released updates for Adobe Flash Player, Digital Editions, & Campaign that fix a total of 24 security vulnerabilities, with half of them being in Adobe Flash Player. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version. [...]
https://www.bleepingcomputer.com/news/security/adobe-fixes-24-security-vulnerabilities-in-adobe-flash-digital-editions-and-campaign/
BleepingComputer
Adobe fixes 24 Security Vulnerabilities in Adobe Flash, Digital Editions, & Campaign
Adobe has released updates for Adobe Flash Player, Digital Editions, & Campaign that fix a total of 24 security vulnerabilities, with half of them being in Adobe Flash Player. As many of these vulnerabilities are rated as Critical, it is strongly advisedβ¦
Cerber Ransomware Doesn't Encrypt Files Belonging to Security Products
A variant of the Cerber ransomware spotted in the wild in the past month contains a function that searches for locally-installed security products and avoids encrypting their files, so firewalls, antivirus or antispyware products can continue working even after Cerber has locked the computer. [...]
https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-encrypt-files-belonging-to-security-products/
A variant of the Cerber ransomware spotted in the wild in the past month contains a function that searches for locally-installed security products and avoids encrypting their files, so firewalls, antivirus or antispyware products can continue working even after Cerber has locked the computer. [...]
https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-encrypt-files-belonging-to-security-products/
BleepingComputer
Cerber Ransomware Doesn't Encrypt Files Belonging to Security Products
A variant of the Cerber ransomware spotted in the wild in the past month contains a function that searches for locally-installed security products and avoids encrypting their files, so firewalls, antivirus or antispyware products can continue working evenβ¦
JavaScript Attack Breaks ASLR on 22 CPU Architectures
Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. [...]
https://www.bleepingcomputer.com/news/security/javascript-attack-breaks-aslr-on-22-cpu-architectures/
Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. [...]
https://www.bleepingcomputer.com/news/security/javascript-attack-breaks-aslr-on-22-cpu-architectures/
BleepingComputer
JavaScript Attack Breaks ASLR on 22 CPU Architectures
Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 processor micro-architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidiaβ¦
Mac Malware Linked to Infamous Russian Cyber-Espionage Group
Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android. [...]
https://www.bleepingcomputer.com/news/security/mac-malware-linked-to-infamous-russian-cyber-espionage-group/
Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android. [...]
https://www.bleepingcomputer.com/news/security/mac-malware-linked-to-infamous-russian-cyber-espionage-group/
BleepingComputer
Mac Malware Linked to Infamous Russian Cyber-Espionage Group
Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android.
Researchers Discover Self-Healing Malware That Targets Magento Stores
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database. [...]
https://www.bleepingcomputer.com/news/security/researchers-discover-self-healing-malware-that-targets-magento-stores/
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database. [...]
https://www.bleepingcomputer.com/news/security/researchers-discover-self-healing-malware-that-targets-magento-stores/
BleepingComputer
Researchers Discover Self-Healing Malware That Targets Magento Stores
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, which can self-heal using code hidden in the website's database.
Hacker Rasputin Breaches Over 60 Universities and Government Agencies
A financially-motivated, Russian-speaking hacker known as Rasputin, has breached and stolen data from universities in the US and the UK, and federal, state, and local US government agencies. [...]
https://www.bleepingcomputer.com/news/security/hacker-rasputin-breaches-over-60-universities-and-government-agencies/
A financially-motivated, Russian-speaking hacker known as Rasputin, has breached and stolen data from universities in the US and the UK, and federal, state, and local US government agencies. [...]
https://www.bleepingcomputer.com/news/security/hacker-rasputin-breaches-over-60-universities-and-government-agencies/
BleepingComputer
Hacker Rasputin Breaches Over 60 Universities and Government Agencies
A financially-motivated, Russian-speaking hacker known as Rasputin, has breached and stolen data from universities in the US and the UK, and federal, state, and local US government agencies.
Microsoft's February Patch Tuesday Moved to March 14
After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-february-patch-tuesday-moved-to-march-14/
After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-february-patch-tuesday-moved-to-march-14/
BleepingComputer
Microsoft's February Patch Tuesday Moved to March 14
After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month.
Researchers Create New System That Makes Bitcoin Transactions Harder to Track
Researchers from Boston University, North Carolina State University, and George Mason University have created a new protocol called TumbleBit that they say can anonymize Bitcoin transactions better than any other previously developed Bitcoin mixing service. [...]
https://www.bleepingcomputer.com/news/software/researchers-create-new-system-that-makes-bitcoin-transactions-harder-to-track/
Researchers from Boston University, North Carolina State University, and George Mason University have created a new protocol called TumbleBit that they say can anonymize Bitcoin transactions better than any other previously developed Bitcoin mixing service. [...]
https://www.bleepingcomputer.com/news/software/researchers-create-new-system-that-makes-bitcoin-transactions-harder-to-track/
BleepingComputer
Researchers Create New System That Makes Bitcoin Transactions Harder to Track
Researchers from Boston University, North Carolina State University, and George Mason University have created a new protocol called TumbleBit that they say can anonymize Bitcoin transactions better than any other previously developed Bitcoin mixing service.
Microsoft Exec Calls for a Geneva Convention for Cyber-Weapons
Brad Smith, Chief Legal Officer at Microsoft, has called on the world's nations to come together and sign a pact that regulates the use and proliferation of cyber-weapons, similar to the Geneva Convention signed in 1949. [...]
https://www.bleepingcomputer.com/news/government/microsoft-exec-calls-for-a-geneva-convention-for-cyber-weapons/
Brad Smith, Chief Legal Officer at Microsoft, has called on the world's nations to come together and sign a pact that regulates the use and proliferation of cyber-weapons, similar to the Geneva Convention signed in 1949. [...]
https://www.bleepingcomputer.com/news/government/microsoft-exec-calls-for-a-geneva-convention-for-cyber-weapons/
BleepingComputer
Microsoft Exec Calls for a Geneva Convention for Cyber-Weapons
Brad Smith, Chief Legal Officer at Microsoft, has called on the world's nations to come together and sign a pact that regulates the use and proliferation of cyber-weapons, similar to the Geneva Convention signed in 1949.
ISIS Supporters Targeted with Android OmniRAT Malware
Islamic State supporters are being targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. [...]
https://www.bleepingcomputer.com/news/security/isis-supporters-targeted-with-android-omnirat-malware/
Islamic State supporters are being targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. [...]
https://www.bleepingcomputer.com/news/security/isis-supporters-targeted-with-android-omnirat-malware/
BleepingComputer
ISIS Supporters Targeted with Android OmniRAT Malware
Islamic State supporters are being targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit.