A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The...
Read More
Description: Microsoft has released a security update to address a vulnerability in the Yammer desktop application. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569
Description: libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Description: Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.drupal.org/sa-core-2018-006
Description: Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x
Description: Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
Read More
In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone...
Read More
New Banking malware called “DanaBot” actively attacking various counties organization with sophisticated evasion technique and act as a Stealer and ability to gain remote access from targeted victims machine. DanaBot content some evasion technique such as extensive anti-analysis features and targeting various countries including Poland, Italy, Germany, and Austria, Australia and mainly targeting organization in the U.S. DanaBot is a banking malware written in the Delphi...
Read More
Yesterday we reported on a phishing attack that utilizes the Azure Blob storage solution in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs utilized by the same attacker, BleepingComputer noticed that these same bad actors are also utilizing the Cloudflare IPFS gateway for the same purpose. Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file...
Read More
