Collaborate Disseminate
Adobe Systems released a security update for Flash Player to fix four vulnerabilities, including one that was discovered in an attack targeting individuals and organizations from the Middle East. Two of the patched vulnerabilities, CVE-2018-4945 and C… Continue reading Flash Update Fixes Zero-Day Flaw Used in Targeted Attack
The sophisticated VPNFilter botnet that enslaved more than 500,000 routers and network-attached storage (NAS) devices is capable of infecting more devices than initially believed. The initial reports about VPNFilter identified 16 device models from Li… Continue reading VPNFilter Targets More Devices Than Initially Reported
Thousands of software projects and libraries contain code that extracts archives in an insecure way, allowing attackers to write arbitrary files outside the intended directories. In many cases, this can lead to remote code execution. The vulnerability… Continue reading Zip Slip Vulnerability Affecting Thousands of Apps Puts Systems at Risk
The VPNFilter botnet that compromised more than 500,000 routers and network-attached storage devices from around the world was recently disrupted, but is trying to make a comeback in Ukraine. Researchers from security firms Jask and GreyNoise Intellig… Continue reading VPNFilter Continues to Target Devices in Ukraine
The latest version of the RIG exploit kit, a tool used by cybercriminals to launch large-scale drive-by download attacks, is exploiting an Internet Explorer vulnerability that was patched by Microsoft last month after being found in targeted cyberespi… Continue reading RIG Exploit Kit Starts Using IE Zero-Day Flaw Patched in May
A new version of the widely used Git version control system fixes a vulnerability that allows malicious code repositories to execute code on client computers when being cloned. Originally created for Linux kernel development, Git is an open source too… Continue reading Git Vulnerability Leads to Remote Code Execution
The FBI and the Internet Crime Complaint Center (IC3) have issued a public service announcement advising owners of small-office and home-office routers to power cycle their devices to remove a new piece of malware. However, users should actually reset… Continue reading Router Attack: Users Should Reset Routers to Factory Default, Not Just Reboot
Millions of locks, alarms, sensors, light bulbs, garage door openers and other IoT devices that communicate over the Z-Wave protocol can be forced to use weaker security than they actually support. Z-Wave is a wireless communications protocol that use… Continue reading Z-Wave IoT Devices Vulnerable to Security Downgrade Attack
The group behind the Triton malware that triggered an emergency shutdown last year at a critical infrastructure organization in the Middle East is still active and has expanded its operations to industrial controllers in facilities in other regions of… Continue reading Hacker Group Targeting Industrial Controllers Expands Its Operations
A hacker group with suspected ties to the Russian government has infected more than 500,000 routers and other devices with highly sophisticated malware, possibly in preparation for future large-scale attacks. According to researchers from Cisco System… Continue reading Nation State Actor Builds Massive Army of Compromised Routers