securityXspace: a blog about cyber-philosophy.

Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook. Source: Irked Researcher Discloses Facebook WordPress Plugin Flaws

Netflix security team discovers the new “SACK” Panic security vulnerability. The Netflix security team discovered these flaws during routine security testing work. They are triggered by sending a series of malicious packets to vulnerable systems. The result can slow or crash the target system – effectively triggering a remote Kernel panic. Major vendors have released…

An unsecured database of personal information, including phone numbers, salary expectations and openness to new job opportunities, of about 1.6 million job seekers from around the world has been discovered online, according to research published Monday. The database, found by independent researcher Anurag Sen in May, includes information on professionals from the US, Australia, Japan and…

Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key. Source: Yubico recalls FIPS Yubikey tokens after flaw found

With the incidence of reported data breaches on the rise, more than half of all C-suite executives (C-Suites) (53%) and nearly three in 10 Small Business Owners (SBOs) (28%) who suffered a breach reveal that human error or accidental loss by an external vendor/source was the cause of the data breach, according to a Shred-it…

Pierluigi Paganini: Today I’d like to share an interesting and heavily obfuscated Malware which made me thinking about the meaning of ‘Targeted Attack’. Nowadays a Targeted Attack is mostly used to address state assets or business areas. For example a targeted attack might address Naval industry ( MartyMcFly example is definitely a great example) or…

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 31 and June 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are…

Dark Reading: A researcher has found a significant exploit in one of the most frequently used text editors. Security researcher Arminius has discovered a hackable vulnerability and exploit in Vim, arguably the most commonly used text editor among developers, hackers, and system engineers. Vim is generally included as “vi” in most Unix and MacOS distributions. The vulnerability takes…

https://securityaffairs.co/wordpress/87125/breaking-news/xenotime-targets-us-apac.html

By David Fiser, Jakub Urbanec and Jaromir Horejsi Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. Source: AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs