Oracle Patches Record-Breaking 308 Vulnerabilities in July Update
Oracle on Tuesday released its July 2017 Critical Patch Update (CPU) to address a total of 308 vulnerabilities, the highest number of security fixes ever released in a quarter by the enterprise software giant. read more more…Analyzing a Patch of a Virtual Machine Escape on VMware
A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system, which can lead to infections and malware execution. VMware escapes demonstrated at the most recent PwnFest, organized by […] more…SAP Patches High-Risk Flaws in SAP POS, Host Agent
L33tdawg: Check out the demo live at #HITBGSEC next month 🙂 SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws that could allow an attacker to gain access to SAP POS, the company’s client/server point-of-sale (PoS) solution. Tags: Security Industry News HITB HITBGSEC more…Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […] more…Organizations Only Slightly Improved Security Posture: Report
Organizations made some improvements to their security posture last year, but only marginally, as the average time-to-fix is still too high and remediation rates are too low, according to the 12th annual application security statistics report from WhiteHat Security. read more more…July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens
Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This month’s Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere. One notable vulnerability in this month’s Patch Tuesday is CVE-2017-8584, a remote code […] more…OSX Malware Linked to Operation Emmental Hijacks User Network Traffic
The OSX_DOK malware (Detected by Trend Micro as OSX_DOK. C)  showcases sophisticated features such as certificate abuse and security software evasion that affects machines using Apple’s OSX operating system. This malware, which specifically targets Swiss banking users, uses a phishing campaign to drop its payload, which eventually results in the hijacking of a user’s network […] more…July’s Android Security Bulletin Addresses Continuing Mediaserver and Qualcomm Issues
Google has released their Android security bulletin for July in two security patch level strings: the first dated 2017-07-01 and the succeeding one dated 2017-07-05. As always, Google urges users to update and avoid any potential security issues. Owners of native Android devices should apply the latest over-the-air (OTA) updates, and non-native Android device users […] more…SLocker Mobile Ransomware Starts Mimicking WannaCry
by Ford Qin Early last month, a new variant of mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was detected, copying the GUI of the now-infamous WannaCry. The SLocker family is one of the oldest mobile lock screen and file-encrypting ransomware and used to impersonate law enforcement agencies to convince victims to pay their […] more…7 Strategies to Help Kids Sidestep Digital Friction this Summer
What happens when you mix long summer days with a steady flow of SnapChats, tweets, Instagram feeds, and a non-stop hum of group texts streaming into your life? If you’re an adult, you’ve likely learned how to power off and unplug for a few hours or days when you’ve hit digital overload. If you are […] more…How IT should prep for Apple’s public OS betas
As has become Apple’s standard practice in recent years, the company will soon roll out public betas of iOS 11 and macOS High Sierra. Both are expected to arrive by the end of June. Public betas can be useful for Apple and other tech companies. They accelerate feedback and can ensure that bugs — including ones […] more…AdGholas Malvertising Campaign Employs Astrum Exploit Kit
At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the […] more…How a Hacking Group Used Britney Spears’ Instagram to Operate a Command and Control Server
A nasty piece of malware is currently being tested by a Russian hacking group named Turla, and its trial round has been conducted in an unexpected area of the internet — the comments section of Britney Spears’ Instagram. As a matter of fact, they’re using her Instagram as a way to contact the malware’s command […] more…Grocery Industry’s Cybersecurity Challenges: Harbinger Of Threats To Corporate America
Button up your overcoat; it’s about to rain cyberthreats Few businesspeople have as much on the line every moment of every day as grocers. When disquieting events happen at a grocery store, customers can be more than just inconvenienced. In extreme circumstances, grocery products can be the cause of illness, even death. What makes […] more…Microsoft Patches Windows XP Again As Part of June Patch Tuesday
Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014. As part of the June Patch Tuesday cycle, Microsoft has decided to issue patches for XP and other older platforms that have reached End of […] more…Windows XP Receives Patches for More ‘Shadow Brokers’ Exploits
Microsoft has released patches for Windows XP and other outdated versions of the operating system to fix several critical vulnerabilities that are at heightened risk of being exploited by state-sponsored actors and other threat groups. read more more…More information
- Microsoft discontinues Advance Notification Service, but why?
- Microsoft Dynamics 365 CVE-2018-8606 Cross Site Scripting Vulnerability
- Cybersecurity M&A Roundup: 34 Deals Announced in November 2023
- Amazon Suspends Sales of BLU Smartphones Over Security, Privacy Concerns
- Resolved: Phishing Attempt Targeting Penn State, ANGEL Users
- Smart Home Hacked via Vulnerabilities, Social Engineering
- Apple hardens FaceTime and iMessage security
- Flash Player emergency patch fixes one flaw already being exploited, and two others
- NSA chief talks surveillance tactics over dinner
- U.S. Banking Regulator Hit by 54 Breaches in 2015, 2016