You are here:-Vulnerabilities | Alerts | Solutions

Vulnerabilities | Alerts | Solutions

Financial Services Sector Rife with Hidden Tunnels | Threatpost

By | 2018-06-21T22:39:30+00:00 June 21st, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Global financial services organizations are seeing a significant uptick in the rate of being actively targeted by sophisticated cyber-attackers using hidden-tunnel techniques for post-intrusion data exfiltration. In an attempt to steal critical data and personally-identifiable information (PII), cybercriminals are building hidden tunnels into compromised systems to further break into networks and steal critical

Comments Off on Financial Services Sector Rife with Hidden Tunnels | Threatpost

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites | Threatpost

By | 2018-06-20T23:52:24+00:00 June 20th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Johannes Ullrich, dean of research at the SANS Technology Institute, said Wednesday that there’s been an uptick in Netflix phishing mails using TLS-certified sites. The bad actors behind the attacks will take advantage of

Comments Off on New Phishing Scam Reels in Netflix Users to TLS-Certified Sites | Threatpost

Mylobot Botnet Emerges with Rare Level of Complexity | Threatpost

By | 2018-06-20T22:21:52+00:00 June 20th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

An unusual botnet dubbed Mylobot has emerged, percolating up from the Dark Web – and displaying a never-before-seen level of complexity in terms of the sheer breadth of its various tools, especially evasion techniques. According to an analysis posted on Tuesday by Tom Nipravsky, a security researcher for Deep Instinct, Mylobot’s bag of

Comments Off on Mylobot Botnet Emerges with Rare Level of Complexity | Threatpost

APT15 Pokes Its Head Out With Upgraded MirageFox RAT | Threatpost

By | 2018-06-20T09:40:46+00:00 June 19th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K.

Comments Off on APT15 Pokes Its Head Out With Upgraded MirageFox RAT | Threatpost

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch | Threatpost

By | 2018-06-19T11:42:49+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Tapplock, a smart padlock that received positive reviews and media hype when it was released earlier this year, has issued a critical patch after researchers discovered several security issues enabling them to easily hack into and unlock the device. The $100 lock is Bluetooth-based and can be fingerprint-activated. At first glance, everything about

Comments Off on “Unbreakable” Smart Lock Tapplock Issues Critical Security Patch | Threatpost

Google Home, Chromecast Leak Location Information | Threatpost

By | 2018-06-20T00:29:58+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication for connections received on a

Comments Off on Google Home, Chromecast Leak Location Information | Threatpost

macOS QuickLook Feature Leaks Data Despite Encrypted Drive | Threatpost

By | 2018-06-19T21:56:02+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers are cautioning macOS users that not all the data they store on their encrypted hard drive is protected. In a report published Monday, Apple security expert Patrick Wardle revealed that a macOS feature called QuickLook stores unprotected previews of images and other file types. “Apple states that: ‘we believe privacy is a

Comments Off on macOS QuickLook Feature Leaks Data Despite Encrypted Drive | Threatpost

22K Open, Vulnerable Containers Found Exposed on the Net | Threatpost

By | 2018-06-19T22:57:22+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the

Comments Off on 22K Open, Vulnerable Containers Found Exposed on the Net | Threatpost

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control” | Threatpost

By | 2018-06-19T10:13:35+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted.

Comments Off on Axis Cameras Riddled With Vulnerabilities Enabling “Full Control” | Threatpost

Vulnerability Summary for the Week of June 11, 2018

By | 2018-06-18T11:52:15+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , , , , , , , |

389-ds-base -- 389-ds-base 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.2018-06-13not yet calculatedCVE-2018-10850CONFIRMCONFIRMCONFIRMacccheck -- acccheck acccheck.pl in acccheck 0.2.1 allows Command Injection

Comments Off on Vulnerability Summary for the Week of June 11, 2018