Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : iOS 11.2.2 Safari 11.0.2 macOS High Sierra 10.13.2 Impact: An attacker could exploit these vulnerabilities to obtain access to sensitive information. Mitigation: Updates are available. Please see the Apple security pages for more information. Reference URL’s: https://support.apple.com/en-us/HT208401 https://support.apple.com/en-us/HT208403 https://support.apple.com/en-us/HT208397
Description: VMware has released security updates to address multiple vulnerabilities for the following products vRealize Operations for Horizon (V4H) vRealize Operations for Published Applications (V4PA) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) Horizon View Client for Windows Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references...
Read More
Apparel retailer Forever 21 says point-of-sale systems in some of its stores were infected by malware for up to seven months, compromising shoppers’ payment card data. On Tuesday, Forever 21 issued an update on its investigation into the “payment card security incident” that it first announced in November. The retailer now says that an investigation conducted by a third-party incident response firm that it hired...
Read More
Despite awareness of the need for cybersecurity, many consumers are not taking proactive steps to keep their personal information protected from identity theft. With the increased volume of attacks and breaches, 61% of consumers surveyed claimed that they are more worried about cybersecurity today than they were five years ago. Recent McAfee research reveals that 33% of consumers rank protecting their identity as their number one...
Read More
Windows users whose PCs run on Intel processors can apparently expect their computers to slow down after next Tuesday. In fact, all computers using modern Intel chips – whether they run Windows, Linux or macOS – are expected to suffer a performance hit in the coming days. The reason for this unwelcome change is a fundamental design flaw discovered in Intel’s processor chips, more specifically...
Read More
In the cyber security world, record setting has an entirely different connotation It’s one thing to talk in generalities about how massive the data breach problem is, but it’s another thing to understand the actual statistics. The numbers tell a powerful story about how pervasive cyber attacks have become These 2017 statistics, along with predictions for the coming years, provide eye-opening insight into how cyber...
Read More
Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named “Trackmageddon” that affect several GPS and location tracking services. These GPS tracking services are basic databases that collect geolocation data from smart GPS-enabled devices, such as pets trackers, car trackers, kids trackers, and other “[insert_name] tracker” products. Data is collected on a per-device basis and...
Read More
The Italia cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies. Attack attribution is always a very hard work. False Flags, Code Reuse and Spaghetti Code makes impossible to assert “This attack belongs to X”. Indeed nowadays makes more sense talking about Attribution Probability rather then Attribution by itself. “This attack belongs to X...
Read More
Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or IOTrooper. Ankit Anubhav, researcher at NewSky Security first identified the code on Monday that was posted...
Read More
The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code. The WordPress security team has intervened and removed all plugins from the official WordPress Plugins Directory. WordPress security firm Wordfence discovered the...
Read More
