How we hacked our colleague’s smart home
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology company is made up of […]

Is Cloud Service Provider-Native Security ‘Good Enough’ For Your Cloud Transformation Program’s Goals?
Several times lately, CIOs and CISOs have asked me why the security toolset they get for “free” from their cloud service providers isn’t enough. Sure, it might not be the best … but isn’t it good enough for the program’s success? It’s true that we don’t often need the Cadillac. But cloud programs are failing at high […]

ViceLeaker Operation: mobile espionage targeting Middle East
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky Lab spyware sensors caught the signal of an attack from the device of one of the victims; and a hash of the APK involved (Android application) was tagged in our sample feed for inspection. Once we looked […]

RDP Security Explained
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it is exploitable over a network connection without authentication. These attributes make it particularly ‘wormable’ – […]

Not-so-dear subscribers
Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. It might seem that the obvious solution is not to visit dubious sites and not to install apps from third-party sources. But, alas, these days such advice is […]

Expanding Our Vision to Expand the Cybersecurity Workforce
I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC)² Study puts the global cybersecurity […]

Can All-in-One Printers Be Hacked? “Hackable?” Sets the Fax Straight
The heyday of fax technology may have been in the 80s, but all-in-one printers found throughout homes and offices often still include a fax machine. And telephonic transmission has resisted the rise of email and other internet-connected messaging tools in a variety of fields, including healthcare and law enforcement. On the latest episode of “Hackable?” […]

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
by Cedric Pernet, Vladimir Kropotov, and Fyodor Yarochkin Regular cybercriminals appear to be taking a page from targeted attack actors’ playbooks — or rather, toolkits — to maximize their profits from illicit activities like cryptojacking. One of the differences between regular cybercrime and targeted attacks is intent: The former will almost always have immediate financial […]

What kids get up to online
Today’s children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they feel at home online does […]

Say So Long to Robocalls
For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the […]

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
By Daniel Lunghi and Jaromir Horejsi We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as […]

A Robust Federal Cybersecurity Workforce Is Key To Our National Security
The Federal government has long struggled to close the cybersecurity workforce gap. The problem has continued to get worse as the number of threats against our networks, critical infrastructure, intellectual property, and the millions of IoT devices we use in our homes, offices and on our infrastructure increase. Without a robust cyber workforce, federal agencies […]

Platinum is back
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious […]

Zebrocy’s Multilanguage Malware Salad
Zebrocy is a Russian-speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy: Zebrocy is an active sub-group of victim profiling and access specialists; Zebrocy maintains a lineage back through 2013, sharing malware artefacts and similarities with BlackEnergy; The past five years of Zebrocy […]

BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
By Johnlery Triunfante An unpatched security flaw that gets successfully exploited is one thing. But eight exploits that can stealthily and simultaneously get through your businesses’ assets and data and your customers’ information are quite another. We found a new malware family that targets web servers, network drives, and removable drives using multiple web server […]

CVE-2019-0725: An Analysis of Its Exploitability
by: John Simpson (Vulnerability Researcher) May’s Patch Tuesday saw what is likely to be one of the most prominent vulnerabilities this year with the “wormable” Windows Terminal Services vulnerability (CVE-2019-0708). However, there’s another remote code execution (RCE) vulnerability that would be hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) […]

More information
- Seagate Patches Flaws in Personal Cloud, GoFlex Products
- vBulletin Resets Passwords After Server Hack
- Dangerous New USB Trojan Discovered
- Two New Vulnerabilities Could Affect 40% of Ubuntu Cloud Workloads
- Web Based Login Degraded Service
- Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability
- Microsoft Edge CVE-2017-0032 Scripting Engine Remote Memory Corruption Vulnerability
- Microsoft Windows CVE-2017-0043 XML External Entity Information Disclosure Vulnerability
- Unplanned power outage: Penn State Beaver
- Telecom Building UPS Maintenance