securityXspace: a blog about cyber-philosophy.

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 12 and July 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are…

By Waqas The hackers stole the data and shared it with another hacking group who was involved in the hacking of another FSB contractor. On Saturday, 13 July 2019, a group of hackers going by the online handle of 0v1ru$ hacked and defaced the official website of SyTech, a high-profile contractor working for Russian intelligence…

Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back. Source: Nipe – Make Tor Default Gateway For…

Drupal developers on Wednesday informed users that version 8.7.4 is affected by a potentially serious vulnerability, and advised them to update to version 8.7.5, which addresses the issue. read more Source: Vulnerability Allows Hackers to Take Control of Drupal 8 Websites

Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. Source: EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

Oracle this week published its July 2019 Critical Patch Update (CPU), which brings a total of 319 security fixes across numerous product families. While fewer than 200 of these vulnerabilities can be exploited remotely without authentication, over 50 of them are rated Critical severity, almost all of them featuring a CVSS score of 9.8. read…

A flaw affects all WordPress websites where the Ad Inserter plugin version 2.4.21 or below is installed, and those affected are encouraged to update immediately Source: Critical WordPress plugin flaw leaves 200,000 sites at risk

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission. Apple pushes out further silent updates to protect users from sketchy app behaviour. Source: Apple pushes out another silent update to address flaws in RingCentral and other…

Publishing the keys should render existing versions of the ransomware far less dangerous for victims. Source: FBI Publishes GandCrab Decryption Keys

Original release date: July 16, 2019 The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom. Source: NCSC Releases 2019 Active Cyber Defence…