You are here:-Tag:Darkmatters

Mylobot Botnet Emerges with Rare Level of Complexity | Threatpost

By | 2018-06-20T22:21:52+00:00 June 20th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

An unusual botnet dubbed Mylobot has emerged, percolating up from the Dark Web – and displaying a never-before-seen level of complexity in terms of the sheer breadth of its various tools, especially evasion techniques. According to an analysis posted on Tuesday by Tom Nipravsky, a security researcher for Deep Instinct, Mylobot’s bag of

APT15 Pokes Its Head Out With Upgraded MirageFox RAT | Threatpost

By | 2018-06-20T09:40:46+00:00 June 19th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K.

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch | Threatpost

By | 2018-06-19T11:42:49+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Tapplock, a smart padlock that received positive reviews and media hype when it was released earlier this year, has issued a critical patch after researchers discovered several security issues enabling them to easily hack into and unlock the device. The $100 lock is Bluetooth-based and can be fingerprint-activated. At first glance, everything about

Google Home, Chromecast Leak Location Information | Threatpost

By | 2018-06-20T00:29:58+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication for connections received on a

macOS QuickLook Feature Leaks Data Despite Encrypted Drive | Threatpost

By | 2018-06-19T21:56:02+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers are cautioning macOS users that not all the data they store on their encrypted hard drive is protected. In a report published Monday, Apple security expert Patrick Wardle revealed that a macOS feature called QuickLook stores unprotected previews of images and other file types. “Apple states that: ‘we believe privacy is a

22K Open, Vulnerable Containers Found Exposed on the Net | Threatpost

By | 2018-06-19T22:57:22+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control” | Threatpost

By | 2018-06-19T10:13:35+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted.

Vulnerability Summary for the Week of June 11, 2018

By | 2018-06-18T11:52:15+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , , , , , , , |

389-ds-base -- 389-ds-base 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.2018-06-13not yet calculatedCVE-2018-10850CONFIRMCONFIRMCONFIRMacccheck -- acccheck acccheck.pl in acccheck 0.2.1 allows Command Injection

Vermont Librarian Wins Small-Claims Suit Against Equifax | Threatpost

By | 2018-06-16T20:25:19+00:00 June 15th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

In a David-and-Goliath moment, a 49-year-old librarian has won damages against credit giant Equifax, in the wake of its head-spinningly massive 2017 data breach. It’s a small but significant victory: a small claims court awarded $600 to Jessamyn West, native of the small town of Randolph in Orange County, Vermont. West told Threatpost

Comments Off on Vermont Librarian Wins Small-Claims Suit Against Equifax | Threatpost

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little | Threatpost

By | 2018-06-16T22:54:55+00:00 June 15th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week. However, a fresh analysis this week shows that, at least on a code level, the similarities (and differences) between the two are far from conclusive.

Comments Off on WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little | Threatpost