The development team of phpMyAdmin has fixed a CSRF vulnerability in phpMyAdmin that could be exploited by attackers for removing items from shopping cart. Researcher Ashutosh Barot has discovered a critical CSRF vulnerability in phpMyAdmin that could be exploited by attackers to perform malicious operations like drop tables and delete records. phpMyAdmin developers released the version 4.7.7 that addresses the CSRF vulnerability found by Barot. “By deceiving a user to click on...
The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely. Choosing passwords: For one, avoid the most often used passwords. SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also...
The Mirai botnet is kind of like Madonna. They both were huge once, and then the adoring public shifted their attention to younger, newer acts but they keep on performing anyway. We wrote about Mirai extensively after we predicted its construction in our first IoT report, DDoS’s Newest Minions: IoT Devices in 2016. Mirai has been in the news again recently. In December, Brian Krebs reported that two men had...
An analysis of how unprepared businesses are to fight back against the continued problem of ransomware is featured in the latest edition of the ISMG Security Report. Ed Amoroso, CEO of TAG Cyber and former CISO at AT&T, predicts ransomware attacks will be even more widespread and devastating in 2018, and that without the proper tools, businesses will scramble to recover. In the Security Report...
Security researchers have uncovered a sophisticated phishing campaign targeting organizations involved in the Pyeongchang Olympics with a weaponized Word doc, and using a range of obfuscation techniques to fly under the radar. The malicious document is written in fluent Korean and named “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”, according to McAfee. It was aimed at a number of organizations providing...