29 May 2020

Hackers Compromise Cisco Servers Via SaltStack Flaws

Cisco disclosed on Thursday that six of its VIRL-PE servers were compromised after threat actors used critical SaltStack vulnerabilities in a targeted attack. Cisco stated that the attackers used to known vulnerabilities that exist in the open-source Salt management framework and are used in Cisco products. Two Cisco products still

Read More
29 May 2020

Highly-targeted attacks on industrial sector hide payload in images

Attackers have been using malicious PowerShell scrips in images to steal industrial sector employee credentials in a highly targeted campaign. The technique, steganography, uses public hosting imaging services to evade network traffic scanners and other tools that would potentially flag the malicious image. There have been victims identified in multiple

Read More
29 May 2020

NSA Warns of Ongoing Russian Hacking Campaign Against U.S. Systems

On Thursday, the US National Security Agency (NSA) released a warning to government partners and private companies about an ongoing Russian hacking operation that targets operating systems behind computer infrastructure. This intrusion technique actively exploits a vulnerability that the NSA advised companies to take seriously. The notice is part of

Read More
29 May 2020

Fortune 500 company NTT discloses security breach

On May 7, Nippon Telegraph & Telephone (NTT) suffered from a security breach that exposed information on 621 customers from its communications subsidiary. The company is the 64th biggest in the world, according to the Fortune 500 list, and is the largest telecommunications company in Japan. NTT stated that they

Read More
28 May 2020

Data Breach at Bank of America

Bank of America has disclosed that it suffered from a data breach affecting a small number of clients who had previously applied for their Paycheck Protection Program (PPP). Information involving Bank of America’s clients was exposed in late April when the bank uploaded the applicants’ details onto a the US

Read More
28 May 2020

Ransomware’s big jump: ransoms grew 14 times in one year

Over the past few years, ransomware has become the most insidious threat to companies as operators’ capabilities increase and ransom demands escalate. A newly published report shows that the average ransom demand has increased more than 10 times in just a year. There are over a dozen notorious ransomware operators

Read More
28 May 2020

$100 million in bounties paid by HackerOne to ethical hackers

HackerOne recently announced that as of May 26, they have paid out $100,000,000 in rewards to ethical hackers around the world. Since the beginning of HackerOne’s white hat hacking program, bug bounty hunters have uncovered and reported an estimated 170,000 security vulnerabilities. HackerOne uses information gathered from its bug bounty

Read More
27 May 2020

26 million LiveJournal accounts being shared on hacker forums

A massive data breach has hit LiveJournal, and the data is being advertised on several different hacker forms for free. The information in the leak includes plain text passwords converted from MD5 hashes, as well as email addresses, usernames, and profile URLs. Since May 8th of this year, the data

Read More
27 May 2020

New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

Researchers have used a new fuzzing tool to uncover a total of 26 vulnerabilities in operating systems Linux, macOS, Windows, and FreeBSD. The research team consists of individuals from Purdue University and the Swiss Federal Institute of Technology Lausanne. The fuzzing tool was created by the researchers and has been

Read More
26 May 2020

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

Veracode’s annual State of Software Security report has revealed that researchers found 70 percent of applications available online contain at least one security flaw stemming from the use of an open-source library. This can arguably be attributed to a lack of awareness about where and how open source libraries are

Read More