securityXspace: a blog about cyber-philosophy.
-
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
Willful negligence and deceit by Cisco… and I thought Huawei were the bad guys. “Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies.” Source: Cisco ‘Knowingly’ Sold Hackable Video Surveillance…
-
Malwarebytes – Exploit kits: summer 2019 review
Malwarebytes present their quarterly look at the latest and greatest in exploit kits: Exploit kits: summer 2019 review
-
Container Security Is Falling Behind Container Deployments
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey. Source: Container Security Is Falling Behind Container Deployments
-
Flaws allow attackers to bypass payment limits on Visa contactless cards
Flaws that allow attackers to bypass the payment limits on Visa contactless cards have been discovered by researchers Leigh-Anne Galloway and Tim Yunusov at Positive Technologies. The attack was tested with five major UK banks, successfully bypassing the UK contactless verification limit of £30 on all tested Visa cards, irrespective of the card terminal. Source:…
-
Hack a small airplane? Yes, we CAN (bus) – once we physically break into one, get at its wiring, plug in evil kit…
Wow! A little grounding from the Register, who respond to the hysterical headlines about small plane hacking: PASSENGERS IN PERIL? CRISIS IN THE SKIES? No – but neat ways to frig with your own aircraft. An investigation into the computer security of small airplanes, the results of which were made public this week, will be sure…
-
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Google’s cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. Source: Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
-
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
This sounds scary: Vulnerabilities in VxWorks’ TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices. Source: Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
-
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. Source: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
-
Threat Roundup for July 19 to July 26
Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 19 and July 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically…
-
RandIP – Network Mapper To Find Servers
RandIP is a Nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not, with additional tests for Telnet and SSH. RandIP – Network Mapper Features: HTTP and HTTPS enumeration; Python enumeration exploits; SSH enumeration exploits; Logger and error-code handler; SSH and Telnet Timeouts to…