Cisco Takes Another Stab at Patching Recent WebEx Vulnerability
Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as WebExec or CVE-2018-15442, Oct. 24. The flaw was located in WebExService, a service installed on Windows machines by the ...
ECC Memory Not Safe from Rowhammer Attack
Researchers have proven for the first time that error-correcting code (ECC) memory can be affected by the same bit-flipping attack known as Rowhammer that plagues regular DRAM memory. Rowhammer is a memory defect first documented in 2014 that occurs when a physical memory location is subjected to a large number or ...
Adobe Patches Zero-Day Flaw in Flash Player
Adobe Systems fixed a critical vulnerability in Flash Player that was publicly disclosed by a researcher earlier this month. The vulnerability, tracked as CVE-2018-15981, is a type confusion issue that can lead to arbitrary code execution. It was fixed in Flash Player 31.0.0.153 for all platforms and browsers. Adobe didn’t ...
RBS Survey: One-Third of Vulnerabilities Rated High or Critical This Year
There were more than 16,000 vulnerabilities disclosed during the first three quarters of this year and more than a third of them were rated high or critical—7.0 or higher in the Common Vulnerability Scoring System (CVSS). For the first time in recent history the number decreased year over year. The ...
APT28 Pulls Out New Malware Cannon
The notorious Russian cyberespionage group known as APT28, Fancy Bear and Sofacy is targeting government organizations using a new Trojan program called Cannon. Researchers from Palo Alto Networks detected new spear-phishing campaigns from APT28 at the end of October and in early November that targeted organizations from North America, Europe ...
Olympic Destroyer Returns with Improved Arsenal
The hacker group that attacked the 2018 Winter Olympic Games IT infrastructure is still active and has recently been observed attacking organizations with an improved malware strain. The infrastructure at the Winter Olympic Games in Pyeongchang, South Korea, was briefly disrupted by an attack that used disk-wiping malware. Dubbed Olympic ...
Galaxy S9, iPhone X, Xiaomi Mi6 Devices Hacked at Pwn2Own Contest
Two teams of hackers managed to break into the iPhone X, Samsung Galaxy S9 and Xiaomi Mi6 mobile devices at the mobile Pwn2Own contest held in Tokyo this week by using multiple types of exploits—moves that earned them more than $300,000. The first day of the contest started with a ...
Researchers Find Most ATMs Vulnerable to Hacker Attacks
A new study that analyzed ATMs from three major manufacturers found that two-thirds of them were vulnerable to physical black box attacks and an even larger number were vulnerable to network attacks. The research project spanned two years and was carried out by researchers from security firm Positive Technologies. They ...
Microsoft and Adobe Patch Zero-Day Vulnerabilities
Microsoft and Adobe Systems released their monthly scheduled security updates Nov. 14, both companies fixing some vulnerabilities that were known publicly before being patched. Microsoft fixed 62 vulnerabilities across its product portfolio, 12 of which are rated critical. Furthermore, 10 of those critical flaws can be exploited by opening malicious ...
Hackers Exploit Critical Flaw in WordPress GDPR Compliance Plug-in
Hackers are breaking into WordPress websites by exploiting a recently patched privilege escalation vulnerability in a popular plug-in that allows site owners to conform to the GDPR user data collection requirements. The vulnerability was discovered last week after some WordPress users reported attacks against their websites. The plug-in was temporarily ...