securityXspace: a blog about cyber-philosophy.

  • Evolving the kill chain approach to protect cloud-based applications

    How can the kill chain tackle this new breed of attacks on critical cloud applications? By Paolo Passeri. As an information security professional, you’re likely to have heard about the cyber kill chain framework being used for identification and prevention of cyber intrusions. The model was established by Lockheed Martin and follows the military approach of…

  • Yubico Replacing YubiKey FIPS Devices Due to Security Issue

    Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA signatures generated on these devices to have reduced strength.

  • Millions of Exim mail servers are currently under attack

    Hackers are targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions; threat actors leverage the CVE-2019-10149 flaw. Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are under attack; threat actors are exploiting the CVE-2019-10149 flaw to take them over.

  • XSS Vulnerability Exposed Google Employees to Attacks

    A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information.

  • AI-enabled cyber attacks a reality soon, warns Mikko Hypponen

    Technology continues to shape human conflict and artificial intelligence will be no exception, so business needs to up its ability to detect attacks and respond, says security expert. Warwick Ashford writes: Cyber attacks enabled by artificial intelligence (AI) technology have yet to be seen in real-world attacks, but organisations could soon be defending against a new order…

  • Ransomware disrupts worldwide production for Belgian aircraft parts maker

    ASCO Industries, a manufacturer of aerospace components with headquarters in Zaventem, Belgium, has been hit with ransomware, which ended up disrupting its production around the world. The attack reportedly started on Friday and the extent of the internal damage is still unknown.

  • Cisco Releases Security Update for Cisco IOS XE

    Original release date: June 12, 2019. Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary…

  • Vulnerable Software – The Gift that Keeps on Giving

    By Stephen Gates. Concerning the latest data breaches on record, this past May was rather noteworthy. A host of organizations from around the world announced, in fact, that they had experienced a data breach. From online retailers, travel booking sites, and high-tech startups, to social sharing sites, healthcare billing firms, and even title insurance companies, the long list of victims just got longer.…

  • Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor

    From TrendMicro Security Intelligence Blog: By Augusto Remillano II. One of our honeypots detected a URL spreading a botnet with a Monero miner bundled with a Perl-based backdoor component. The routine caught our attention as the techniques employed are almost the same as those used in the Outlaw hacking group’s previous operation.

  • Researchers discover “Fishwrap” influence campaign recycling old terror news

    Researchers at Recorded Future have uncovered what appears to be a new, growing social media-based influence operation involving more than 215 social media accounts.