by CIRT Team
CISCO addresses DoS bugs in CISCO ESA products [securityaffairs]
Cisco addressed two denial-of-service (DoS) vulnerabilities in Cisco Email Security Appliance (ESA) products that can be exploited by a remote, unauthenticated attacker. The first flaw, tracked as CVE-2018-15453, has been rated as “critical”; it is a memory corruption bug caused by improper input validation of emails signed with Secure/Multipurpose Internet Mail Extensions (S/MIME)....
Read More
by CIRT Team
OWASP Secure Coding Practices Checklist [informationsecuritycontrol]
Input Validation
1. Conduct all data validation on a trusted system (e.g., the server)
2. Identify all data sources and classify them into trusted and untrusted. Validate all data from untrusted sources (e.g., databases, file streams, etc.)
3. There should be a centralized input validation routine for the application
4. Specify proper character sets, such as UTF-8, for all sources of input
5. Encode data to a common character set before validating (canonicalize)
6. All validation...
Read More
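As an added illustration of checklist items 3 to 5 (a single validation routine, a fixed character set, canonicalize before you validate), the following Python is example code written for this page, not part of the OWASP checklist. The field names, the username and quantity rules, and the sample inputs are all hypothetical; the point is the order of operations: strict UTF-8 decoding, NFC normalization and control-character rejection happen once, centrally, before any per-field allow-list runs.

```python
"""Centralized input validation: canonicalize to one character set first,
then apply a per-field allow-list. Added example; field names and rules
are hypothetical."""
import re
import unicodedata


class ValidationError(ValueError):
    """Raised by the central validator for any rejected input."""


def canonicalize(raw, encoding="utf-8"):
    """Bring every input into one canonical form before any check.

    Bytes are decoded strictly (invalid or overlong UTF-8 is rejected rather
    than silently replaced), the text is normalized to NFC, and control
    characters (including NUL) are refused.
    """
    if isinstance(raw, (bytes, bytearray)):
        try:
            text = raw.decode(encoding, errors="strict")
        except UnicodeDecodeError as exc:
            raise ValidationError("invalid %s input: %s" % (encoding, exc)) from None
    elif isinstance(raw, str):
        text = raw
    else:
        raise ValidationError("unsupported input type %s" % type(raw).__name__)
    text = unicodedata.normalize("NFC", text)
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        raise ValidationError("control character in input")
    return text


# Allow-lists run on canonical text: a decomposed "e" + U+0301 is folded to
# U+00E9 first and then rejected as non-ASCII, instead of slipping past a
# check that only looked at the first code point.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")
# [0-9] rather than \d or str.isdigit(): both accept non-ASCII digits such as
# U+0663, which int() would then silently convert.
QUANTITY_RE = re.compile(r"[0-9]{1,4}")


def validate_username(raw):
    text = canonicalize(raw)
    if not USERNAME_RE.fullmatch(text):
        raise ValidationError("username has disallowed characters or bad length")
    return text


def validate_quantity(raw):
    text = canonicalize(raw)
    if not QUANTITY_RE.fullmatch(text):
        raise ValidationError("quantity must be 1-4 ASCII digits")
    value = int(text)
    if not 1 <= value <= 1000:
        raise ValidationError("quantity out of range")
    return value


# The single entry point every handler calls (checklist item 3). An unknown
# field is an error, so a new parameter cannot reach business logic unchecked.
RULES = {"username": validate_username, "quantity": validate_quantity}


def validate(field, raw):
    try:
        rule = RULES[field]
    except KeyError:
        raise ValidationError("no validation rule for field %r" % field) from None
    return rule(raw)


def rejects(field, raw):
    """True when the central validator refuses the value."""
    try:
        validate(field, raw)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: a clean name, an overlong UTF-8 "/", a
    # decomposed accent, an embedded NUL, and an Arabic-Indic digit.
    print(validate("username", b"alice_01"))   # alice_01
    print(rejects("username", b"\xc0\xaf"))     # True
    print(rejects("username", "e\u0301ric"))    # True
    print(rejects("username", b"bob\x00"))      # True
    print(validate("quantity", b"42"))          # 42
    print(rejects("quantity", "\u0663"))        # True
```

NFC is used here because it is a stable canonical form; if the application compares identifiers that users may type with compatibility characters (fullwidth letters, ligatures), NFKC is the stronger choice, but it must then be applied consistently everywhere the value is compared or stored.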
by CIRT Team
Ryuk Ransomware Attack: Rush to Attribution Misses the Point [securingtomorrow]
During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack, many have cited past research that compares code from Ryuk with the older ransomware Hermes to link the attack to North Korea. Determining attribution was largely based on the fact that the Hermes ransomware...
Read More
by CIRT Team
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection [source: thehackernews]
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which is designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works...
Read More
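The practitioner's check that follows from the technique in this item is to remove zero-width code points from every link before the URL is compared against any reputation list, rather than matching the string as written. The Python below is an added example for this page, not code from the article or from Microsoft's Safe Links; the sample HTML, the blocklist and the `verdict` policy are constructed for the demonstration.

```python
"""Strip zero-width code points from links before blocklist matching, so a
URL split with U+200B does not evade an exact host match. Added example;
the blocklist and the sample HTML are constructed."""
import re
from urllib.parse import urlparse

# Invisible code points that break up a URL without changing how it renders.
# U+FEFF is the byte-order mark, also usable as a zero-width no-break space.
ZERO_WIDTH = frozenset("\u200b\u200c\u200d\u2060\ufeff")

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def strip_zero_width(text):
    return "".join(ch for ch in text if ch not in ZERO_WIDTH)


def host_of(url):
    try:
        return urlparse(url).hostname or ""
    except ValueError:
        return ""


def scan_links(html, blocked_hosts):
    """One finding per href: the link as written, the cleaned link, whether
    zero-width characters were present, and the blocklist result both on the
    raw string (what an exact-match filter sees) and on the cleaned one."""
    findings = []
    for match in HREF_RE.finditer(html):
        raw = match.group(1)
        clean = strip_zero_width(raw)
        findings.append({
            "raw": raw,
            "clean": clean,
            "zero_width": clean != raw,
            "naive_blocked": host_of(raw) in blocked_hosts,
            "blocked": host_of(clean) in blocked_hosts,
        })
    return findings


def verdict(html, blocked_hosts):
    """'block' if any cleaned link resolves to a blocked host, 'suspicious'
    if any link carried zero-width characters, otherwise 'allow'. A hidden
    code point inside a URL has no legitimate use, so it is a signal by itself."""
    findings = scan_links(html, blocked_hosts)
    if any(f["blocked"] for f in findings):
        return "block"
    if any(f["zero_width"] for f in findings):
        return "suspicious"
    return "allow"


# Constructed sample message: the second link has U+200B inserted after "phish".
SAMPLE_HTML = (
    '<p>Your mailbox is full. <a href="https://mail.example.com/quota">Fix it</a> '
    'or <a href="https://phish\u200b.example.net/login">sign in here</a>.</p>'
)
BLOCKED = {"phish.example.net"}

if __name__ == "__main__":
    for finding in scan_links(SAMPLE_HTML, BLOCKED):
        print(finding)
    print(verdict(SAMPLE_HTML, BLOCKED))  # block
```

The `naive_blocked` field is there to make the bypass visible: on the obfuscated link it stays false even though the host is on the list, while `blocked` is true once the invisible characters are gone. The same normalization should be applied to the visible anchor text and to URLs found in plain-text bodies, not only to `href` attributes.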
by CIRT Team
WordPress-Related Vulnerabilities Tripled in 2018 [bleepingcomputer]
WordPress-related vulnerabilities have seen a 300% increase in 2018 compared to the previous year, a recent study has found. Most of the bugs were in the plugins that extend the functionality of WordPress websites. Powering about 30% of all websites on the internet, WordPress is the most popular content management system (CMS), followed by Joomla and Drupal trailing behind at a safe distance. A product’s...
Read More
by CIRT Team
Google Removes 85 Adware Apps That Infect 9 Million Android Users [thehackernews]
Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users. With the growth of the mobile market, adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads such as banners or pop-ups onto mobile screens to make money for its makers. The...
Read More
by CIRT Team
Customer data theft from Titan Manufacturing and Distributing company [securityaffairs]
Cyber criminals stole customer data from the Titan Manufacturing and Distributing company for nearly a year using malware. The attackers breached the company’s computer system and harvested customer payment card data for roughly a year. The company...
Read More
by CIRT Team
Hackers Leak Personal Data from Hundreds of German Politicians On Twitter [thehackernews]
Germany has been hit with the biggest hack in its history. A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg’s prime minister Dietmar Woidke, along with some German artists, journalists, and YouTube celebrities. The leaked data that was published on a Twitter account (@_0rbit) and dated back to before October 2018 includes...
Read More
by CIRT Team
NASA Warns Employees of Personal Information Breach [thehackernews]
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA). NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked. In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed to gain access to...
Read More
by CIRT Team
The Clickjacking Bug that Facebook Won’t Fix [bleepingcomputer]
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company’s bug bounty program. The issue still exists because Facebook dismissed it on the grounds that it does not change the state of the account. Proof-of-concept code demonstrates how easy it would be for an app developer to distribute arbitrary links...
Read More