Recent Posts

Author: Swati Khandelwal, October 17, 2018

Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.

The affected information included users' email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account.

According to the company, a security researcher discovered a critical vulnerability in the desktop version of its website and responsibly reported it to the Tumblr security team via its bug bounty program.

full article here:

By AFP on October 17, 2018

British Prime Minister Theresa May will call on fellow EU leaders Thursday to take united action to punish cyber attackers, warning hackers cause economic harm and undermine democracies.

Britain is among eight European Union countries pushing for the bloc to urgently agree a new sanctions regime to address malign cyber activities.

"We should accelerate work on EU restrictive measures to respond to and deter cyber attacks, including a robust sanctions regime," May will say, according to pre-released comments.

full article here:

Author: Lindsey O'Donnell
October 17, 2018 10:04 am

The update also features 23 security fixes.

Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities.

The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more control over the experience.”

Chrome 70 for Windows, Mac and Linux will roll out over the coming days and weeks, Google said in a Tuesday posting.

Author: Tara Seals
October 17, 2018 11:24 am

The vendor only plans to patch two of the eight impacted devices, according to a researcher.

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher.

Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May, uncovering that they affect the DWR-111, DWR-116, DWR-140, DWR-512, DWR-640, DWR-712, DWR-912 and DWR-921 models. However, he claims that D-Link told him that only the DWR-116 and 111 would be patched, because the rest have reached end-of-life and will no longer be supported.

full article here:

Author: Lindsey O'Donnell
October 17, 2018 2:49 pm

Oracle has released a critical patch update addressing more than 300 vulnerabilities across several of its products – including one flaw with a CVSS 3.0 score of 10 that could allow the takeover of the company’s software package, Oracle GoldenGate.

Of the 301 security flaws that were fixed in this month’s Oracle patch, 45 had a severity rating of 9.8 on the CVSS scale.

A broad spectrum of Oracle products are impacted, including the Oracle Database Server, Oracle Big Data Graph, Oracle Communications Applications, Oracle Construction and Engineering Suite and Oracle E-Business Suite.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” the company said in its Tuesday advisory.

full article here:

Author: Ionut Ilascu

Newly released versions of the libssh library fix an authentication bypass flaw that grants access to the server by just telling it that the procedure was a success.

The libssh library enables support of the Secure Shell (SSH) protocol in applications, allowing an encrypted connection between clients and servers.

Discovered by Peter Winter-Smith of NCC Group, the vulnerability received the identification number CVE-2018-10933 and it affects the server part of libssh.

Leveraging it is a simple matter of presenting the server with the SSH2_MSG_USERAUTH_SUCCESS message, which shows that the login already occurred without a problem.

The server expects the message SSH2_MSG_USERAUTH_REQUEST to start the authentication procedure, but by skipping it an attacker can log in without showing any credentials.

The trick is possible in library versions 0.6 and above, and there is no workaround available, informs an advisory on Thursday from the libssh team. The issue has been addressed in revisions 0.8.4 and 0.7.6 of the library.

full article here:

Author: Lawrence Abrams

A new SEO poisoning campaign has been discovered that is targeting keywords associated with the U.S. midterm elections. Users who are enticed to visit these pages will then be redirected to a variety of scam sites, adult sites, and sites pushing unwanted software.

SEO poisoning is when attackers create malicious sites or hack legitimate ones in order to generate pages that promote certain keywords. These pages are then linked together between a large amount of sites under the attacker's control to get high rankings in search engine results for the promoted keywords. The visitors to these sites are then typically shown scam advertisements or are redirected to other sites pushing unwanted software or infecting users via exploit kits.

In a new report released today, Zscaler explains how attackers have hacked over 10,000 web sites in order to promote 15,000 different keywords. BleepingComputer's research indicates that the vast majority of sites involved in this poisoning campaign are running WordPress. It is not known what vulnerabilities are being used to compromise these sites.

As we are leading up to the U.S. midterm elections, the attackers are leveraging U.S. politics keywords in order to entice users to visit these sites.

full article here:

Author: Ehsan Foroughi, VP of Product, Security Compass, October 17, 2018

In 2018, malicious client-side scripts are still posing a problem for large organizations. This year, British Airways revealed that they suffered a data breach in which 380,000 records were exfiltrated. Now, NewEgg has been hit with a similar data breach. This follows a string of attacks from a group known as Magecart, who were also responsible for publicized data breaches of Ticketmaster and Feedify.

Any time malicious JavaScript is loaded onto a critical page – for instance, a payments page – it has the potential to wreak havoc. The Magecart script, specifically, can exfiltrate data using the exact same method each time: when a form is submitted by a user, the information is skimmed and then sent to a server controlled by the attackers. Some internet experts have offered quick fixes to prevent malicious JavaScript from exfiltrating data on payment pages, like putting the form in an iFrame or randomizing the form and input field names. While these controls may be useful for this particular morphology of attack, they do not provide a comprehensive defense for the many variations of attacks in the same category.

full article here:

Author: Help Net Security, October 17, 2018

A new study shows that terahertz data links, which may play a role in ultra-high-speed wireless data networks of the future, aren’t as immune to eavesdropping as many researchers have assumed. The research shows that it is possible for a clever eavesdropper to intercept a signal from a terahertz transmitter without the intrusion being detected at the receiver.

“The conventional wisdom in the terahertz community has been that it’s virtually impossible to spy on a terahertz data link without the attack being noticed,” said Daniel Mittleman, a professor in Brown University’s School of Engineering and a coauthor of the research. “But we show that undetected eavesdropping in the terahertz realm is easier than most people had assumed and that we need to be thinking about security issues as we think about designing network architectures.”

full article here:

Author: Help Net Security, October 17, 2018

ESET has uncovered details of a successor to the BlackEnergy APT group. Named GreyEnergy by ESET, this threat actor focuses on espionage and reconnaissance, quite possibly in preparation for future cyber-sabotage attacks.

BlackEnergy has been terrorizing Ukraine for years and rose to prominence in December 2015 when they caused a blackout that left 230,000 people without electricity – the first-ever blackout caused by a cyberattack. Around the time of that incident, ESET researchers began detecting another malware framework named GreyEnergy.

full article here: