Cybersecurity News

Cybersecurity News including Analytics, CISO, Cloud Security, Cybercrime, Data Security, DevOps, GRC, IoT, Social Engineering, Threats & Breaches and more.

Criminals Use Jackpotting Attack

CPU Speculative Execution Hits Again with 2 New Spectre Variants

At the beginning of this year, the Spectre and Meltdown vulnerabilities shined a spotlight on the security risks associated with the speculative execution feature of modern CPUs. Since then, researchers have kept digging and found new issues, the latest additions being two new variants of the Spectre flaw dubbed Spectre ... Read More
Cisco Report Cyber Attacks

Dark Market Shop Sells RDP Access to Airport System for $10

Stolen or brute-forced remote desktop protocol (RDP) credentials have played a central role in many data breaches over the years and cybercriminals have made a business out of selling them on the underground market. For as little as $3, hackers can buy remote access into sensitive systems belonging to businesses, ... Read More
SolarWinds Acquires Trusted Metrics

SolarWinds Acquires Trusted Metrics

SolarWinds moved to expand its portfolio of security technologies by acquiring Trusted Metrics, a provider of real-time threat monitoring and management software. SolarWinds immediately then launched SolarWinds Threat Monitor, a tool for detecting suspicious activity and malware by aggregating asset data, security events, host intrusion detections and network intrusion detections ... Read More
Criminals Use Jackpotting Attack

Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday

Microsoft fixed 54 vulnerabilities across its products July 10 as part of its monthly patch cycle. Seventeen of those flaws are rated critical and three of them have been publicly disclosed before the patches were released. In terms of impact, nearly half of the flaws—27—can lead to remote code execution ... Read More
Data Regulation Data Breaches

Cyberespionage Group Steals Certificates to Sign Malware

A cyberespionage group has stolen code-signing certificates from D-Link and another Taiwanese technology company and used them to sign a backdoor program. BlackTech is a group of attackers known for targeting organizations from East Asia, particularly from Japan, Taiwan and Hong Kong. According to an analysis last year by researchers ... Read More
Security Boulevard's 5 Most Read Stories for the Week, July 2-6

Security Boulevard’s 5 Most Read Stories for the Week, July 2-6

A new week, a new crop of security stories. Last week, Privacy in Public Places, Fileless Malware, Spam Bots and Fake Accounts and Cryptomining Worm MassMiner made headlines. Also, we offered some insight into Securing the Network—and Your Organization’s Future. Missed out on any of the news? Here are the ... Read More
Hide-N-Seek IoT Botnet Starts Infecting Database Servers

Hide-N-Seek IoT Botnet Starts Infecting Database Servers

Hide ‘N Seek (HNS), an IoT botnet known for infecting home routers, IP cameras and digital video recorders, has recently started compromising NoSQL database servers. HNS was discovered by researchers from antivirus firm Bitdefender in January and stood out among other IoT threats due to its use of peer-to-peer communications ... Read More
Gentoo Repository Compromised Due to Weak Admin Password

Gentoo Repository Compromised Due to Weak Admin Password

The Gentoo Linux project has finished investigating the hacking last week of its GitHub-hosted package repository, an incident that resulted in attackers distributing malicious code to users. The point of entry turned out to be a weak admin password that was probably guessed thanks to data stolen from another website ... Read More
Spyware Skygofree Targets Android

Attackers Test New Document Attack Vector That Slips Past Office Defenses

After abusing Microsoft Office macros, Dynamic Data Exchange (DDE) and Object Linking and Embedding (OLE), attackers have found a new document feature they can leverage to execute malicious code on computers. The new attack vector was first documented last month by Specter Ops researcher Matt Nelson and relies on embedding ... Read More
Apple Ships Meltdown Patch

Macros-based Attack Deploys Malware by Hijacking Desktop Shortcuts

A new attack that uses documents with malicious macros modifies legitimate application shortcut files from the Windows desktop to trick users into executing a backdoor program. The poisoned documents distributing this threat were observed recently by researchers from Trend Micro and contained Russian text. The first stage of the infection ... Read More