securityXspace: a blog about cyber-philosophy.

Government agencies in Croatia have been targeted in fileless attacks with never before seen malware payload, dubbed SilentTrinity. Source: Entirely new malware, SilentTrinity, attacks Croation government

Victim firm Eurofins Scientific handles more than 70,000 criminal cases per year in the UK. Source: UK Forensics Firm Paid Ransom in Cyberattack

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 28 and July 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are…

A recent survey conducted by Gurucul of more than 320 IT security experts, found that 15 percent of people said they would delete files or change passwords upon exiting a company. Most organizations place their focus on defending against and detecting external cyberattacks. Source: Insider attacks still far more difficult to detect and prevent than…

A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover. Source: WordPress Plugin WP Statistics Patches XSS Flaw

Canonical, the company behind the Ubuntu operating system, confirmed over the weekend that one of its GitHub accounts was hacked. read more Source: Canonical GitHub Account Hijacked

Britain’s Information Commissioner’s Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year’s security breach. Source: British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Two malware campaigns were launched in June; one targeted South Koreans, while the other sought out financial institutions in Singapore, the United Arab Emirates and the US Source: TA505 cybergang debuts ‘AndroMut” downloader to deliver FlawedAmmyy RAT globally

Original release date: July 3, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Source: Cisco Releases Security Updates for Multiple Products

During an investigation into a possibly shared RTF weaponizer by Indian and Chinese APT groups, researchers have discovered that multiple Chinese groups have updated the weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798. Source: Multiple Chinese Groups Share the Same RTF Weaponizer