Description: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Impact: The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in...
Read More
Description: On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. Impact: The vulnerability is due to the use of a static key value stored in the application used to encrypt the...
Read More
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
ব্লু হোয়েল কী? ব্লু হোয়েল সোশ্যাল মিডিয়াভিত্তিক একটি ডিপওয়েব গেম। যেসব কম বয়সী ছেলেমেয়ে অবসাদে ভোগে তারাই সাধারণত এতে আসক্ত হয়ে পড়েন। ভারতে ব্লু হোয়েলে আসক্ত হয়ে আত্মঘাতী কয়েক তরুণের সুইসাইডাল নোটে লেখা হয়েছে, ব্লু হোয়েলে ঢোকা যায়, বের হওয়া যায় না। জানা যায়, ব্লু হোয়েল গেমে ৫০টি ধাপ রয়েছে। ৫০টি ধাপ ৫০ দিনে অতিক্রম করতে হয়। প্রথমদিকের ধাপগুলোতে সহজ কিছু থাকে। এর প্রতিটি ধাপ...
Read More
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How will it do that? You may or may not know that, since 2015, Google has been offering domain name registration services, and it operates domains such as .google, .how, and .dev (among others). And now, Google will start adding...
Read More
WhatsApp has the honor of being the most popular app on iOS enterprise devices, but also the most blacklisted app on enterprise networks. This is one of the findings of the Appthority Enterprise Mobile Security Pulse Report for Q3 2017; a report put together by scanning millions of devices running the company’s mobile security solutions. The gathered data allowed Appthority insight into the most popular apps...
Read More
An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information, which includes corporate usernames, passwords, and billing documents, for sale at 15 Bitcoins...
Read More
Whole Foods Market, the supermarket chain acquired recently by Amazon for $13.7 billion, informed customers this week that it has launched an investigation after learning that some of its point-of-sale (PoS) systems may have been hacked. The company has provided only few details as the investigation is ongoing. However, it said the incident appears to impact taprooms and full table-service restaurants located within some of...
Read More
Do you know if your Mac’s low-level firmware is up to date with the latest patches? You might not be able to, researchers say. Apple’s security updates for macOS sometime include patches for serious vulnerabilities in the firmware that runs beneath the operating system. So you might think you’re safe if you keep your OS version up to date, but that’s not always the case....
Read More
There’s an ongoing PayPal Phishing Campaign in the wild which sends HTML attachments that spoof PayPal Forms and request users for sensitive information. This campaign was particularly interesting because the email body was encoded with Unicode characters which look similar to corresponding ASCII Characters. Homographic attacks are usually performed to craft URLs which look like legitimate URLs by substituting some of the ASCII characters with...
Read More
