Cyber for the intelligent….
The social media giant Facebook has announced plans to launch a digital currency in 2020. If you’re a member of their platform and think they know all there is to know about you, some experts say just wait. That’s because Facebook will also gain access to all of your financial information as well.
Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About the vulnerability (CVE-2019-2729) “This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network …
Source: Another Oracle WebLogic Server RCE under active exploitation
If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.
Source: Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control Security Intelligence IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device with the …
Source: Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
Kaspersky Labs write:
In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on victim computers.
Read full analysis: Plurox: Modular backdoor
Facebook’s Libra pitches to be the future of money BBC News How the social network aims to overcome trust issues to make people use its cryptocurrency.
“These tools totaled more than 30,000 successful decryptions and have saved victims roughly $US 50 MILLION in unpaid ransom,” also it cuts the ransomware operators monetization options. GandCrab a Look Back. The ransomware strain first spotted in January 2018; it is the most sophisticated and continuously changing ransomware.
Homeland Security has tested a working BlueKeep remote code execution exploit TechCrunch Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a …
Source: Homeland Security has tested a working BlueKeep remote code execution exploit
Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.
Source: Irked Researcher Discloses Facebook WordPress Plugin Flaws
Netflix security team discovers the new “SACK” Panic security vulnerability.
The Netflix security team discovered these flaws during routine security testing work. They are triggered by sending a series of malicious packets to vulnerable systems. The result can slow or crash the target system – effectively triggering a remote Kernel panic.
Major vendors have released a series of patches and workarounds.
The three vulnerabilities are:
AWS has also issued an advisory for its cloud customers.
More details are available in the security advisory posted on GitHub. Red Hat, SUSE and Debian also have helpful resources and information.
Read More:
