cyber attacks

Cisco Takes Another Stab at Patching Recent WebEx Vulnerability

Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as WebExec or CVE-2018-15442, Oct. 24. The flaw was located in WebExService, a service installed on Windows machines by the ... Read More
Security Boulevard
Bitbucket

ECC Memory Not Safe from Rowhammer Attack

Researchers have proven for the first that that error-correcting code (ECC) memory can be affected by the same bit-flipping attack known as Rowhammer that plagues regular DRAM memory. Rowhammer is a memory defect first documented in 2014 that occurs when a physical memory location is subjected to a large number or ... Read More
Security Boulevard
phishing cybersecurity

Adobe Patches Zero-Day Flaw in Flash Player

Adobe Systems fixed a critical vulnerability in Flash Player that was publicly disclosed by a researcher earlier this month. The vulnerability, tracked as CVE-2018-15981, is a type confusion issue that can lead to arbitrary code execution. It was fixed in Flash Player 31.0.0.153 for all platforms and browsers. Adobe didn’t ... Read More
Security Boulevard
RBS Survey: One-Third of Vulnerabilities Rated High or Critical This Year

RBS Survey: One-Third of Vulnerabilities Rated High or Critical This Year

There were more than 16,000 vulnerabilities disclosed during the first three quarters of this year and more than a third of them were rated high or critical—7.0 or higher in the Common Vulnerability Scoring System (CVSS). For the first time in recent history the number decreased year over year. The ... Read More
Security Boulevard
Russian APT28 botnet FBI

APT28 Pulls Out New Malware Cannon

The notorious Russian cyberespionage group known as APT28, Fancy Bear and Sofacy is targeting government organizations using a new Trojan program called Cannon. Researchers from Palo Alto Networks detected new spear-phishing campaigns from APT28 at the end of October and in early November that targeted organizations from North America, Europe ... Read More
Security Boulevard
Olympic Destroyer Returns with Improved Arsenal

Olympic Destroyer Returns with Improved Arsenal

The hacker group that attacked the 2018 Winter Olympic Games IT infrastructure is still active and has recently been observed attacking organizations with an improved malware strain. The infrastructure at the Winter Olympic Games in Pyeongchang, South Korea, was briefly disrupted by an attack that used disk-wiping malware. Dubbed Olympic ... Read More
Security Boulevard
certifications cybersecurity Microsoft IBM SANS online cybersecurity education Educational

Galaxy S9, iPhone X, Xiaomi Mi6 Devices Hacked at Pwn2Own Contest

Two teams of hackers managed to break into the iPhone X, Samsung Galaxy S9 and Xiaomi Mi6 mobile devices at the mobile Pwn2Own contest held in Tokyo this week by using multiple types of exploits—moves that earned them more than $300,000. The first day of the contest started with a ... Read More
Security Boulevard
ATMs Vulnerable to Hacker Attacks

Researchers Find Most ATMs Vulnerable to Hacker Attacks

A new study that analyzed ATMs from three major manufacturers found that two-thirds of them were vulnerable to physical black box attacks and an even larger number were vulnerable to network attacks. The research project spanned two years and was carried out by researchers from security firm Positive Technologies. They ... Read More
Security Boulevard
encryption

Microsoft and Adobe Patch Zero-Day Vulnerabilities

Microsoft and Adobe Systems released their monthly scheduled security updates Nov. 14, both companies fixing some vulnerabilities that were known publicly before being patched. Microsoft fixed 62 vulnerabilities across its product portfolio, 12 of which are rated critical. Furthermore, 10 of those critical flaws can be exploited by opening malicious ... Read More
Security Boulevard
Akamai JavaScript

Hackers Exploit Critical Flaw in WordPress GDPR Compliance Plug-in

Hackers are breaking into WordPress websites by exploiting a recently patched privilege escalation vulnerability in a popular plug-in that allows site owners to conform to the GDPR user data collection requirements. The vulnerability was discovered last week after some WordPress users reported attacks against their websites. The plug-in was temporarily ... Read More
Security Boulevard