25 Jul 2019

US company selling weaponized BlueKeep exploit

Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23. BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be

Read More
24 Jul 2019

Survey: Only Half of Organizations Believe They Can Stop Cyber Attacks

A new global survey conducted by CyberArk indicates that half of organizations have little confidence in their cyber defenses and actually believe that threat actors can break into their networks whenever they want to. When it comes to threats to their critical assets, organizations are mostly worried about hackers (78%),

Read More
24 Jul 2019

Penetration Test Data Shows Risk to Domain Admin Credentials

Rapid7 has released a new report combining data from 180 real-world penetration tests carried out in enterprise environments. The research indicates that the data protection efforts of nearly all organizations (96%) are seriously undermined by at least one serious flaw in their systems. Moreover, pentesters managed to obtain at least

Read More
23 Jul 2019

Critical RCE Flaw in Palo Alto Gateways Hits Uber

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

Read More
23 Jul 2019

40% of enterprises experienced Office 365 credential theft, report finds

A recent survey by Cyren and Osterman Research found that 4 in 10 companies in the US and the UK have experienced the compromise of Office 365 login credentials, with incidents being more common in the UK (54%) than in the US (34%). Furthermore, when taking into account all organizations,

Read More
22 Jul 2019

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

FireEye researchers recently uncovered a new phishing campaign by Iranian state-backed cyber espionage group APT34 (aka OilRig or Greenbug) that took advantage of LinkedIn. Masquerading as a Cambridge University lecturer on LinkedIn, the threat actors invited people to connect with them. If a victim accepted the connection, the hackers would

Read More
22 Jul 2019

Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed

The Russian Federal Security Service (FSB) suffered the biggest data leak in its history after a hacking group operating under the name 0v1ru$ recently obtained unauthorized access to the network of Sytech, a contractor for the FSB. After stealing 7.5TB of data from Sytech, 0v1ru$ shared the information with a

Read More
22 Jul 2019

Met Police hacked with bizarre tweets and emails posted

Last Friday, threat actors hacked into the London Metropolitan Police’s account for the MyNewsDesk public relations platform, and used their access to post unauthorised messages on the Met’s website and to send out unusual Tweets and emails from official Met accounts. The Met has launched an investigation into the incident.

Read More
22 Jul 2019

Over 60 US Colleges Compromised by ERP Exploit

A major vulnerability in popular enterprise resource planning (ERP) software has enabled threat actors to compromise at least 62 colleges in the United States, the US Department of Education recently warned. A NIST advisory states that the flaw, tracked as CVE-2019-8978, impacts Ellucian Banner ERP and “allows remote attackers to

Read More
19 Jul 2019

Bulgaria’s hacked database is now available on hacking forums

A database containing 11 GB worth of data on Bulgarian citizens that was recently leaked to local media outlets by an unidentified actor, is now available for download on hacking forums. The database allegedly contains only half of the information that was recently stolen from Bulgaria’s National Revenue Agency (NRA),

Read More