Olympic Destroyer Moves from Pyeongchang to Europe and Russia
Olympic Destroyer, the threat actor that targeted the 2018 Winter Olympics in Pyeongchang, South Korea, has launched new attacks against organizations from Russia, Ukraine and several other European countries. To sabotage the 2018 Winter Olympics computer infrastructure, the group used a destructive network worm. Initial evidence suggested the attack was ... Read More
Security Flaws Allow Attackers to Hijack 400 Axis Camera Models
Axis Communications, one of the largest manufacturers of video surveillance equipment in the world, has fixed critical security flaws that affect some 390 of its network camera models. The vulnerabilities were found by researchers from IoT security firm VDOO as part of a research project called Vizavis that focuses on ... Read More
Multipurpose Trojan MysteryBot Targets Android Devices
Cybercriminals have a new Android malware program in their toolbox called MysteryBot that can serve multiple purposes: banking Trojan, keylogger and ransomware. The Trojan was identified by researchers from threat intelligence firm ThreatFabric and seems to be related to the LokiBot Android banking trojan—possibly even created by the same authors ... Read More
Intel Faces Yet Another Speculative Execution Flaw in Its CPUs
As predicted by security researchers, the Meltdown and Spectre vulnerabilities announced this year were just the tip of the iceberg when it comes to security issues related to the speculative execution feature of modern CPUs. In coordination with operating system makers, Intel has revealed a new vulnerability dubbed LazyFP, or ... Read More
Microsoft Fixes 11 Critical Flaws, Readies Patches for Spectre Variant 4
Microsoft has fixed 50 vulnerabilities in its products during this month’s Patch Tuesday, 11 of which are rated critical. The company has also released mitigation for the new Spectre variant announced last month, known as Spectre Variant 4 or Speculative Store Bypass. One of the critical flaws is located in ... Read More
Study: More than 5 Percent of Monero Cryptocurrency was Mined by Malware
Unauthorized cryptocurrency mining has been one of the major malware trends this year, with attackers managing to mine more than 5 percent of Monero coins currently in circulation using abused devices. Researchers from Palo Alto Networks have analyzed around 630,000 samples of cryptocurrency mining malware captured by the company’s systems ... Read More
Cisco Patches Critical Flaws in IOS XE and Prime Collaboration Provisioning
Cisco Systems has released a new set of patches this week for a variety of products, including updates for IOS XE and Prime Collaboration Provisioning that fix two critical vulnerabilities. The Cisco IOS XE Software, the company’s operating system for networking devices such as routers, has a critical flaw in ... Read More
Flash Update Fixes Zero-Day Flaw Used in Targeted Attack
Adobe Systems released a security update for Flash Player to fix four vulnerabilities, including one that was discovered in an attack targeting individuals and organizations from the Middle East. Two of the patched vulnerabilities, CVE-2018-4945 and CVE-2018-5002, are rated critical and can lead to arbitrary code execution. The other two, ... Read More
VPNFilter Targets More Devices Than Initially Reported
The sophisticated VPNFilter botnet that enslaved more than 500,000 routers and network-attached storage (NAS) devices is capable of infecting more devices than initially believed. The initial reports about VPNFilter identified 16 device models from Linksys, MikroTik, Netgear, TP-Link and QNAP that were being targeted by the malware. Since then, researchers ... Read More
Zip Slip Vulnerability Affecting Thousands of Apps Puts Systems at Risk
Thousands of software projects and libraries contain code that extracts archives in an insecure way, allowing attackers to write arbitrary files outside the intended directories. In many cases, this can lead to remote code execution. The vulnerability, dubbed Zip Slip, was found by researchers from code security scanning firm Synk ... Read More
