How to update your Spectre, Meltdown mitigations for the Retpoline mitigation

Posted on May 31st, 2019 by Responsible Cyber

The Spectre and Meltdown vulnerabilities discovered in January 2018 showed that weaknesses in CPUs were a potential attack vector. They allow a rogue process to read memory without authorization. Patches were rolled out along with bios updates from the manufacturer, but they came with a costly side effect: They degraded performance, especially on systems with […]

Read More

Insight Partners Acquires Recorded Future

Posted on May 31st, 2019 by Responsible Cyber

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2019-12495 PUBLISHED: 2019-05-31An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. CVE-2019-12496 PUBLISHED: 2019-05-31An issue was discovered in Hybrid Group Gobot […]

Read More

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

Posted on May 23rd, 2019 by Responsible Cyber

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update.However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles.In a security advisory […]

Read More

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Posted on May 23rd, 2019 by Responsible Cyber

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls.Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects multiple Cisco products that […]

Read More

More Attacks against Computer Automatic Update Systems

Posted on May 23rd, 2019 by Responsible Cyber

Last month, Kaspersky discovered that Asus’s live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studying this case, our experts found other samples that […]

Read More

New Software Skims Credit Card Info From Online Credit Card Transactions

Posted on May 23rd, 2019 by Responsible Cyber

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2018-7201 PUBLISHED: 2019-05-22CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. CVE-2018-7803 PUBLISHED: 2019-05-22A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted […]

Read More

New Version of Flame Malware Discovered

Posted on April 13th, 2019 by Responsible Cyber

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously thought. (Its controllers used a kill switch to […]

Read More

Phishing Campaign Targeting Verizon Mobile Users

Posted on April 6th, 2019 by Responsible Cyber

Lookout Phishing AI, which discovered the attack, says it has been going on since late November. Verizon is warning customers about a phishing campaign that is going specifically after mobile users. Mobile devices have emerged as an effective attack vector, according to Jeremy Richards, principal security researcher at Lookout Phishing AI, which discovered the phishing […]

Read More

Python-Based Bot Scanner Gorging on Recon Intel

Posted on April 6th, 2019 by Responsible Cyber

Discovered by AT&T AlienLabs, new malware Xwo seeking default creds and misconfigurations in MySQL and MongoDB, among other services A new Python-based bot scanner is snaking its way through Internet resources, seeking out exposed Web services and default passwords on critical network resources. The information grab doesn’t yet appear to be weaponized, but researchers believe […]

Read More

Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers

Posted on March 14th, 2019 by Responsible Cyber

Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group.Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement.Dubbed Operation Sharpshooter, the cyber […]

Read More