Unofficial Patch Available for Latest Windows Zero-Day Exploit
While Microsoft is still working on fixing a recently disclosed privilege escalation vulnerability in Windows, security firm ACROS Security has stepped in to provide a temporary patch for the flaw. The unofficial fix is available through 0patch.com, a service through which ACROS Security develops so-called micropatches for zero-day and other ... Read More
Air Canada Resets Customer Passwords After Hackers Access Data
Air Canada is forcing all users of its Mobile+ app to change their passwords after hackers managed to access the profile information, including names, email addresses, birth dates and passport details of some customers. The company detected unusual login behavior through its mobile application between Aug. 22 and 24 that ... Read More
Someone Dropped a Windows Zero-Day Exploit on GitHub
A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter and then deleted their account. The exploit is still available on GitHub and has been confirmed to work ... Read More
Mirai IoT Malware Variant Abuses Linux Cross-Compilation Framework
Researchers have found a malware program based on Mirai that has binaries for many platforms and CPU architectures, allowing it to run even on Linux servers or Android phones. The difficulty of compiling malware that works out of the box on the large variety of architectures and Linux-based systems used ... Read More
Critical Vulnerability Patched in Apache Struts
The Apache Struts web development framework has received new security updates to address a critical vulnerability that could allow attackers to compromise web applications and servers. Apache Struts is widely used for developing web applications in enterprise environments. The failure to patch a known critical vulnerability in the framework led ... Read More
Microsoft Pushes Microcode Updates for Foreshadow CPU Flaws
Microsoft has released patches for Windows 10 and Windows Server 2016 that update the microcode for some Intel microprocessors to address CPU vulnerabilities, including the recently announced Foreshadow flaws. Foreshadow, or L1 Terminal Fault (L1TF), allows attackers to extract sensitive information from a CPU's L1 data cache and was publicly ... Read More
Necurs Botnet Launches Campaign Against Banks
The Necurs botnet has been observed pushing an unusual malware campaign that almost exclusively targets users and employees within the financial sector. Necurs is one of the largest and longest-lived botnets still in operation today. Over the years it has been used to distribute various types of malware programs, ... Read More
Microsoft Seizes Domains Set Up by Russian Cyberspies
Microsoft has seized six domains that were registered by Russian cyberespionage group Fancy Bear and mimicked the websites of U.S. political organizations and think tanks. “One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including ... Read More
IKEv1 Vulnerabilities Break IPsec VPN Security in Cisco, Huawei, ZyXEL Gear
A team of researchers has found vulnerabilities in implementations of the Internet Key Exchange version 1 (IKEv1) protocol in firewalls and other networking gear that support IPsec VPN tunnels. If exploited, the flaws can allow attackers to bypass authentication and impersonate clients or servers. IKEv1 is an older version of ... Read More
New Foreshadow Vulnerabilities Defeat Memory Defenses on Intel CPUs
Security researchers have uncovered a new way to exploit the speculative execution feature of Intel CPUs to bypass memory security barriers and leak protected information. The vulnerability, known as Foreshadow or L1 Terminal Fault (L1TF), has three variants. The original variant was discovered by a team of researchers from KU ... Read More