Threat Advisories


Patch Release


Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials. Attackers could access Wi-Fi credentials due to a problem in the initial configuration of the smart doorbell device. Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found.

Software, Supply-Chain Dangers Top List of 5G Cyber Risks. Without naming Huawei, the EU warns on state-backed 5G suppliers. The proliferation of software within 5G networks is one of the top security challenges facing the next generation of mobile networks, according to a report out this week from the European Union.

Critical Microsoft Remote Desktop Flaw Fixed in Security Update. Microsoft has released fixes for nine critical and 49 important vulnerabilities as part of Patch Tuesday. Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines.

Hackers Turn to OpenDocument Format to Avoid AV Detection. Malware-laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users. Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software. Past macro-based attacks have relied on malware hitching a ride with .docx, .zip, .jar and many other file formats. But researchers at Cisco Talos said that because these attempts are nearly certain to be red-flagged by endpoint protection, hackers are turning to the OpenDocument (ODT) format to avoid detection.

Critical Exim Flaw Opens Servers to Remote Code Execution. A fix has been issued for a critical Exim flaw that could lead to servers crashing or remote code execution attacks being launched. A patch has been issued for a critical flaw in the Exim email server software, which could potentially open Exim-based servers up to denial of service or remote code execution attacks.

Cisco Extends Patch for IPv6 DoS Vulnerability. Cisco has extended its patch for a high-severity IPv6 denial-of-service (DoS) vulnerability that was first addressed in 2016.

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack. Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell (SSH) session; but, luckily, such an attack would be difficult to launch.

Google Targets Data-Abusing Apps with Bug Bounty Launch. The company on Thursday announced the Developer Data Protection Reward Program, which, depending on the impact of the bug found, could net as much as $50,000 for a single report. Launched in collaboration with HackerOne, it’s meant to stomp out apps that violate Google Play, Google API and Google Chrome Web Store Extension program privacy policies.

Lenovo High-Severity Bug Found in Pre-Installed Software. Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving an adversary Administrator or SYSTEM-level privileges.

Apple Releases Emergency Patch for iPhone Jailbreak Flaw. iOS version 12.4.1 fixes the "use after free" vulnerability. Apple today released a security patch for a critical jailbreak vulnerability in iOS 12.4, exposed a week ago by a security researcher who released an exploit for it.

Cisco Patches Six Critical Bugs in UCS Gear and Switches. Six bugs found in Cisco’s Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.

Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers. Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—one that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and remained hidden for over a year.

CyberRisk Alliance acquires Cybersecurity Collaborative establishing its Peer Council Business Platform. New York, NY, August 19, 2019 — CyberRisk Alliance (“CRA”), a business intelligence company serving the cybersecurity and information risk management marketplace, has acquired Cybersecurity Collaborative, a peer council platform for Chief Information Security Officers (CISOs) and other senior-level security executives from Stuart Cohen, the company’s founder and CEO. Stuart will continue to lead the…

In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP vulnerabilities, of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user interaction. To exploit the vulnerabilities, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.

State Farm Accounts Compromised in Credential Stuffing Attack. United States-based insurance company State Farm has begun to send out email notifications to users whose online account login credentials were discovered by an attacker during a credential stuffing attack.

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.

LastPass Fixes Bug That Leaks Credentials. The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.

PuTTY Software Update Patches 8 Important Vulnerabilities. Time to update your PuTTY installations immediately to the latest version. Why the urgency? The popular SSH client program has released the latest version of its software that includes security patches for 8 security flaws.

SUPEE-11155. This patch contains several security updates. Risk: Critical for Magento Commerce prior to and Open Source prior to

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular open-source alternatives to the Microsoft Office suite and is available for Windows, Linux and macOS systems.

Apple’s latest iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices. The iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google…

This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.

KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's computer—without even requiring the victim to actually open them.

Black Friday Shoppers Targeted By Scams and Fake Domains. Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware – including domain impersonation, social media giveaway scams, and a malicious Chrome extension.

Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs. The Ryuk ransomware has added two features to enhance its effectiveness: the ability to target systems that are in “standby” or sleep mode, and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization.

New Adwind Variant Targets Windows, Chromium Credentials. A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets.

Raccoon Malware Scavenges 100,000+ Devices to Steal Data. A new information stealer is gaining rapid popularity with the cybercriminal community – leading to it infecting hundreds of millions of victims. A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more.

Avast Network Breached As Hackers Target CCleaner Again. Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack. Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account.

Pitney Bowes Hit with Ransomware Attack. The attack left customers unable to access key services for shipping and mailing, the company said. Shipping services company Pitney Bowes was hit with a ransomware attack that disrupted customer access to key services, the company said Monday.

Sophisticated Spy Kit Targets Russians with Rare GSM Plugin. The Attor malware targets government and diplomatic victims with unusual tactics. A sophisticated cyberespionage platform called Attor has come to light, sporting an unusual capability for fingerprinting mobile devices as part of its attacks on government and diplomatic victims.

Virus Bulletin 2019: Magecart Infestations Saturate the Web. There are dozens of known groups, hundreds of C2 servers and millions of victim websites.

Google Play Malicious Apps Racked Up 335M+ Installs in September. A total of 172 malicious apps were detected on Google Play in September, with more than 330 million installations. Despite Google’s stepped-up efforts to ban malicious apps hosted on Google Play, 172 harmful apps – installed 335 million times by users – have been discovered on the platform in September alone.

Senate Passes Bill Aimed At Combating Ransomware Attacks. The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks.

Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks. Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information.

U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign. The well-known LokiBot malware has popped up in several malicious spam campaigns over the past year, covertly siphoning information from victims’ compromised endpoints. Researchers this week are warning of the most recent sighting of the malware, which was recently spotted in spam messages targeting a large U.S. manufacturing company.

Defense Takeaways from Three Adversary Playbooks. An analysis of threat techniques used by Silence Group, Goblin Panda and Zegost, which can help construct effective defenses. In these days of advanced threats, the perimeter defense strategy – though still useful and necessary – is incomplete.

Malicious App on Google Play Tallies 100 Million Downloads. For some time, a handy PDF creator and optical character recognition (OCR) app available via Google Play offered users utility and convenience. The app, downloaded more than 100 million times, is called CamScanner and allows Android phone owners to snap a picture of a page of text, turn it into a PDF and even use OCR to turn the document into editable text.

More Than Half of Social Media Login Attempts Are Fraud. Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states. Login attempts make up three of every four digital transactions a business has with its customers. Unfortunately for today's increasingly digital organizations, not all user logins are authentic – in fact, across many industries, it's more likely a login attempt is fake.

The Texas Ransomware Attacks: A Gamechanger for Cybercriminals. Security researchers worry that this weekend’s coordinated attacks on more than 20 Texas governments mark a change in how ransomware attacks will be launched in the future.

A New Android 'Banking Malware For Rent' Emerges. After a few popular Android Trojans like Anubis, Red Alert 2.0, GM bot, and Exobot quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering an Android bot rental service to the masses. Dubbed "Cerberus," the new remote access Trojan allows remote attackers to take total control over infected Android devices and also comes with banking Trojan capabilities like the use of overlay attacks, SMS control, and contact list harvesting.

Coordinated Ransomware Attack Hits 23 Texas Government Agencies. Researchers say that the targeted ransomware cyberattack on 23 Texas local and state entities represents a shift from “attacks of opportunity” to more targeted, malicious attacks.

Russian Hackers Leverage IoT Devices to Access Corporate Networks. An infamous Russia-linked cyber-espionage group has been attempting to compromise organizations through insecure Internet of Things (IoT) devices, Microsoft reports.

SQL Injection Vulnerability Exposed Starbucks Financial Records. A critical SQL injection vulnerability exposed nearly one million financial records stored in a Starbucks enterprise database, a researcher revealed this week.