An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks. The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued […]
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data. Researchers have added another reason to be suspicious of web browser extensions. According to a recently published academic report, various Chrome, Firefox and Opera browser extensions can be compromised by […]
New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products. Researchers say they have discovered a unique malware family capable of gaining admin rights on targeted systems by uninstalling cloud-security products. Instances of the malicious activity are tied to coin-mining malware targeting Linux servers. Palo Alto Networks’ Unit 42, which published the report […]
Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks. Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyze how cybercriminals operating underground markets for stolen […]
A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover. WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability. “This is a security release for all previous versions and we strongly encourage you to update your […]
Microsoft tackled 53 vulnerabilities with today’s Patch Tuesday bulletin. Remote code execution bugs dominated this month’s patches, representing 25 fixes. In total, 20 of Microsoft’s security fixes were rated critical. Notable are four vulnerabilities with public exploits identified by Microsoft as CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700. But, according to an analysis of Patch Tuesday fixes […]
UPDATE Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released. “The stable channel has been updated to 62.0.3202.75 for Windows, Mac and Linux which will roll out […]
Hackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the internet for vulnerable IoT devices and dump default or weak credentials from them. “This is […]
A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport. The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya attacks of this summer which also concentrated […]
Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were discovered and privately disclosed to Microsoft by researcher Nick Freeman at Bishop […]