DoubleDoor IoT Botnet Abuses Two Vulnerabilities to Circumvent Firewalls, Modems

The DoubleDoor Internet of Things (IoT) botnet circumvents firewall protection and other security measures by abusing two vulnerabilities. Detected by NewSky Security in its honeypot logs, DoubleDoor begins by deploying CVE-2015-7755. The vulnerability allows remote attackers to gain administrative access to ScreenOS, an operating system for Juniper Networks’ hardware firewall devices, by entering a hardcoded … (Source: The State of Security)

AndroRAT Exploiting Vulnerability to Escalate Privileges on Android Devices

A new variant of the Android Remote Access Tool (AndroRAT) is exploiting a vulnerability to escalate privileges on unpatched Android devices. The malware disguises itself as a utility app called “TrashCleaner” and waits for users to download it from a malicious URL. Upon running for the first time, the malicious app forces the device to … (Source: The State of Security)

Security hole meant Grammarly would fix your typos, but let snoopers read your every word

A Google vulnerability researcher has found a gaping security hole in a popular web browser extension that could have potentially exposed your private writings on the internet. The Grammarly real-time spelling and grammar checker, which has over seven million daily users, describes itself as all you need to ensure that “everything you type is clear,

Grammarly Fixes Vulnerability that Exposes Users’ Data for All Websites

Grammarly has fixed a vulnerability that exposes users’ typos, documents, and other data for all websites with which they’ve used the platform. Tavis Ormandy, a Google computer security researcher who discovered a memory disclosure bug in CloudFlare’s reverse-proxy systems in February 2017, wrote up a security advisory about the Grammarly flaw on 2 February. In … (Source: The State of Security)

Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online … (Source: The State of Security)

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

On Jan. 31, KISA (KrCERT) published an advisory about an Adobe Flash zero-day vulnerability (CVE-2018-4878) being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation could potentially allow an attacker to take control of the affected system. FireEye began investigating the vulnerability following the release of the initial advisory from KISA. Threat Attribution: We assess that the actors employing this latest Flash zero-day are a suspected North Korean group we track as TEMP.Reaper. We have observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang. The STAR-KP network is operated as a joint venture between the North Korean Government's Post and Telecommunications Corporation and Thailand-based Loxley Pacific. Historically, the majority of their targeting has been focused on the South Korean government, military, and defense industrial base; however, they have expanded to other international targets in the last year. They have taken interest in subject matter of direct importance to the...

Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Cisco has patched a remote code execution (RCE) vulnerability bearing a “perfect” CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following 10 Cisco products: 3000 Series … (Source: The State of Security)