Cyber Security Newsfeeds from around the world
You weren’t able to make it to Las Vegas this year? Check out these ten short reviews of useful tools for threat intelligence researchers and threat hunters presented at Black Hat USA 2018: Xori: Automated Disassembly. Malware disassembly can be quite …
Continue ReadingDescription. Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt …
Continue ReadingCurrent Description. A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The …
Continue Readingby Jaromir Horejsi, Joseph C. Chen, Kawabata Kohei, and Kenney Lu. Together with our colleagues at IssueMakersLab , we uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discove…
Continue ReadingThe digital domain has radically increased democracy’s already vulnerable surface area. The same platforms and networks that allow us to communicate instantaneously, provide transparency in government & military and pursue global efficiencies in busine…
Continue ReadingIn a recent survey of more than 500 companies in the U.S. and globally, 68% said they are better prepared than their competitors to fend off a cyberattack. The survey, conducted by FICO and Ovum, also found that smaller businesses were even more confid…
Continue Reading#1226150: Security firm released Singularity, an open source DNS Rebinding attack tool. Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has re…
Continue ReadingA DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost. This attack technique could be exploited to target a vulnerable machine and exploit vulnerabilities in a…
Continue ReadingResearchers working for two industrial cybersecurity firms have discovered several critical and high severity vulnerabilities in Emerson DeltaV DCS Workstations. The vendor has released patches that should resolve the flaws. Emerson DeltaV Workstations…
Continue ReadingA security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 12.04 ESM. Summary: USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM. Software Description: – linux-lts-trusty: Linux ha…
Continue Reading