Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017. Source link … [Read more...] about Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak
Vulnerabilities
Ukrainian Charged With Launching 100 Million Malicious Ads
Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions. Source link … [Read more...] about Ukrainian Charged With Launching 100 Million Malicious Ads
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. Source link … [Read more...] about WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Snowballing attacks using a recently patched critical bug show no sign of abating. Source link … [Read more...] about Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
Cisco patches two high-severity bugs that could be exploited by remote attackers. Source link … [Read more...] about High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting
Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar. Source link … [Read more...] about Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting
High-Severity PrinterLogic Flaws Enable Remote Code Execution
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers. Source link … [Read more...] about High-Severity PrinterLogic Flaws Enable Remote Code Execution
Tor Security Add-On Abruptly Killed by Mozilla Bug
A digital signing flaw killed add-ons for Firefox as well as Tor -- and no patch is yet available for Tor users. Source link … [Read more...] about Tor Security Add-On Abruptly Killed by Mozilla Bug
Extinguishing the IoT Insecurity Dumpster Fire
Will connected devices be insecure forever? Or will legislation - such as the recent UK mandate announced this week - help boost IoT security? Source link … [Read more...] about Extinguishing the IoT Insecurity Dumpster Fire
Amid Bug Bounty Hype, Sometimes Security is Left in the Dust
Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind. Source link … [Read more...] about Amid Bug Bounty Hype, Sometimes Security is Left in the Dust