-
AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
By David Fiser, Jakub Urbanec and Jaromir Horejsi. Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes, and it remains a top security concern. Source: AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
-
Evolving the kill chain approach to protect cloud-based applications
How can the kill chain tackle this new breed of attacks on critical cloud applications? By Paolo Passeri. As an information security professional, you’re likely to have heard about the cyber kill chain framework being used for identification and prevention of cyber intrusions. The model was established by Lockheed Martin and follows the military approach of…
-
Yubico Replacing YubiKey FIPS Devices Due to Security Issue
Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength. Source: Yubico Replacing YubiKey FIPS Devices Due to Security Issue
-
Millions of Exim mail servers are currently under attack
Hackers are targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions; threat actors are leveraging the CVE-2019-10149 flaw. Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are under attack, with threat actors exploiting the CVE-2019-10149 flaw to take them over. Source: Millions of Exim mail servers are currently…
-
XSS Vulnerability Exposed Google Employees to Attacks
A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information. Source: XSS Vulnerability Exposed Google Employees to Attacks
-
Ransomware disrupts worldwide production for Belgian aircraft parts maker
ASCO Industries, a manufacturer of aerospace components with headquarters in Zaventem, Belgium, has been hit with ransomware, which ended up disrupting its production around the world. The attack reportedly started on Friday and the extent of the internal damage is still unknown. Source: Ransomware disrupts worldwide production for Belgian aircraft parts maker
-
Vulnerable Software – The Gift that Keeps on Giving
By Stephen Gates. Concerning the latest data breaches on record, this past May was rather noteworthy. A host of organizations from around the world announced, in fact, that they had experienced a data breach. From online retailers, travel booking sites, and high-tech startups, to social sharing sites, healthcare billing firms, and even title insurance companies, the long list of victims just got longer.…
-
Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor
From TrendMicro Security Intelligence Blog: By Augusto Remillano II. One of our honeypots detected a URL spreading a botnet with a Monero miner bundled with a Perl-based backdoor component. The routine caught our attention as the techniques employed are almost the same as those used in the Outlaw hacking group’s previous operation. Read Full Article: Outlaw Hacking Group’s Botnet…
-
Researchers discover “Fishwrap” influence campaign recycling old terror news
Researchers at Recorded Future have uncovered what appears to be a new, growing social media-based influence operation involving more than 215 social media accounts. Source: Researchers discover “Fishwrap” influence campaign recycling old terror news
-
Google expert disclosed details of an unpatched flaw in SymCrypt library
Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The recently released Microsoft Patch Tuesday security updates for June 2019 failed to address a flaw in SymCrypt, a core cryptographic function library currently used by Windows. Source: Google…