Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked. In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed to gain access to...
Read More
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company’s bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it does not change the state of the account. Proof-of-concept code demonstrates how easy it would be for an app developer to distribute arbitrary links...
Read More
In July 2017, 360 Security Center discovered the first virus Trojan infected with MBR and VBR. It was named “Double- Gun”. In the following year, we found that the virus author frequently updated the virus version to increase the profitability and ability to fight against security software, and the virus transmission channels are constantly changing. Recently, we found that the latest version of the “Double-Gun”...
Read More
For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reported late Tuesday. The attack was discovered by Area 1, an anti-phishing firm based in Redwood City, California, that was founded in 2013 by three former National Security Agency officials....
Read More
Description: WordPress 5.0 and prior versions are affected by multiple vulnerabilities. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
Description: Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653 https://www.kb.cert.org/vuls/id/573168/
Description: Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc
Recently, 360 Security Center detected that the GandCrab ransomware is back to attack Windows-based servers and PCs. We also found that if it detects that the computer system is using the Russian language, it will stop intruding. Not only that, but we also recently discovered that the GrandCrab ransomware will stop invading war-torn areas. On 16th October, a Syrian user said on Twitter that GandCrab...
Read More
Microsoft has officially confirmed that they are going to be gutting Edge and converting it into a Chromium based browser. While the engine will change, Microsoft has stated that they will continue utilizing the Microsoft Edge name and will now bring the browser to all supported Windows platforms. Microsoft explains that they plan on switching Edge to a Chromium-based engine in order to provide better...
Read More
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute arbitrary code on the targeted computer and eventually...
Read More
