This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums
www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/ Hackers can inject system commands via version 5 of software, no patch available. An anonymous bug hunter has publicly disclosed a zero-day flaw in the version 5 of the popular vBulletin forum software than can be exploited over the internet to hijack servers. No patch is known to be available.. Read also:
GandCrab Operators Resurface with REvile Malware
threatpost.com/gandcrab-operators-resurface-revile-malware/148631/ The malware that hit 22 Texas municipalities and various dentist offices around the country recently is likely the work of the crew behind the GandCrab ransomware indicating that the group didnt really retire after all.. According to a technical analysis of REvil, CTU researchers found that the string decoding functions employed by REvil and GandCrab are nearly identical.
[Maksumuurin takana] Vieraskolumni: Mainiot hupparimiehet virtuaalikoneissaan
www.tivi.fi/uutiset/tv/e9d7c55d-4295-4eb8-9818-23abf046fa7d Kyberhyökkäys sekoitti järjestelmät. Tietomurto kotimaisessa verkkokaupassa. Poliisi varoittaa haittaohjelmasta. Tietojenkalastelu edelleen aktiivista. Varo tätä, pelkää tuota, suojaudu näin.
Apple to Fix iOS Bug Granting Full Access to 3rd Party Keyboards
www.bleepingcomputer.com/news/security/apple-to-fix-ios-bug-granting-full-access-to-3rd-party-keyboards/ After releasing iOS 13.1 to fix a long list of bugs left unpatched in iOS 13, Apple says in a support document published today that an issue is impacting third-party iOS 13 and iPadOS keyboard extensions.
Alert AL19-201 -TFlower Ransomware Campaign
cyber.gc.ca/en/alerts/tflower-ransomware-campaign On 30 July 2019 a new variant of ransomware named TFlower was discovered. The Cyber Centre has become aware of this ransomware recently affecting the Canadian public.
The Criticality of the Network in Securing IoT and Critical Infrastructure
blogs.cisco.com/security/the-criticality-of-the-network-in-securing-iot-and-critical-infrastructure Security is the key to the success of any digital project, whether you are connecting critical infrastructure, industrial Internet of Things (IoT), or delivering data and telemetry to reduce costs and increase revenue. We have long advocated the need for a holistic approach to IoT security, and with it, shared the vital role the network plays in embedding security. To further demonstrate the networks role, lets explore how it can help us tackle a series of IoT-related security challenges.
Adobe Fixes Critical Security Vulnerabilities in Coldfusion
www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-coldfusion/ Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is an labeled critical as it allows information disclosure. Read also:
Varo Netflixin nimissä tehtävää huijausta voi osua erityisen vaikeaan aikaan [koska pankkitunnistautumisessa on muutoksia]
www.is.fi/digitoday/tietoturva/art-2000006250406.html Netflixin muistutukselta näyttävät huijausviestit saattavat harhauttaa varovaisiakin katsojia. Netflixin käyttäjiltä on yritetty huijata pankkitunnuksia pettävän aidon näköisten viestien ja verkkosivujen kautta. Huijaus osuu myös erityisen arkaan aikaan, kun pankkitunnistautumisissa on muutenkin meneillään suuria muutoksia. Tietoturvayhtiö MailGuardin havaitsema huijaus alkaa englanninkielisellä sähköpostilla, jonka aiheena on Your Netflix subscription has been cancelled, eli vastaanottajalle uskotellaan, että hänen Netflix-tilauksensa on suljettu. Lue myös:
Cybersecurity: Why you should hire staff from firms which have fallen victim to hackers
www.zdnet.com/article/cybersecurity-why-you-should-hire-staff-from-firms-which-have-fallen-victim-to-hackers/ It used to be the case that staff who’d dealt with the fallout of a cyber attack were seen as having failed – but they could be the answer to protecting your organisation from data breaches and cyber incidents. Companies which fall victim to cyber attacks and data breaches often come in for criticism, but one the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who’ve faced a major attack.
Leading Magecart Group Targeting Captive Wi-Fi Users via L7 Routers
TrickBot or Treat Knocking on the Door and Trying to Enter
www.fortinet.com/blog/threat-research/trickbot-or-treat-threat-analysis.html? The FortiGuard SE Team discovered a particularly interesting targeted attack towards the end of August in Virus Total. The attack targeted a supplier for a distribution/logistics provider to a nation state. The email contained an attachment that appeared to have been sent by a company that manufactures and distributes electrical components and other parts, and has likely dealt at least once with the targeted organization via email. After analyzing its email headers, we were able to determine that the malicious spam legitimately came from the actual sender. We say legitimately because the malicious spam email came from the actual email account of the user, but without their knowledge or consent. The originating IP address (at the time of publication) was not blacklisted, and appears to have been leased out to a residential user of a major ISP located in the same jurisdiction as the manufacturers official place of business.