NSA-Inspired Vulnerability Found in Huawei Laptops

Posted on March 30th, 2019 by Responsible Cyber

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique. What is less clear is […]

Read More

Alleged Child Porn Lord Faces US Extradition — Krebs on Security

Posted on March 24th, 2019 by Responsible Cyber

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring – 33-year-old Freedom Hosting operator Eric Eoin Marques – was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This […]

Read More

Severe Flaw Disclosed In StackStorm DevOps Automation Software

Posted on March 14th, 2019 by Responsible Cyber

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.StackStorm, aka “IFTTT for Ops,” is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure […]

Read More

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Posted on March 1st, 2019 by Responsible Cyber

Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable.Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that could […]

Read More

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers

Posted on March 1st, 2019 by Responsible Cyber

It’s not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week.A few days ago, The Hacker News reported about a 19-year-old […]

Read More

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Posted on February 21st, 2019 by Responsible Cyber

Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released […]

Read More

POS Vendor Announces January Data Breach

Posted on February 21st, 2019 by Responsible Cyber

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2018-15380 PUBLISHED: 2019-02-20A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster serv… CVE-2019-3474 PUBLISHED: 2019-02-20A […]

Read More

Breach in Stanford System Exposes Student Records

Posted on February 20th, 2019 by Responsible Cyber

A wide variety of data was visible through the vulnerability. A vulnerability in the system that allows Stanford University students to view their records gave one student the ability to view the Common Applications and high school transcripts of other students. The key was to first request the ability to view their admission documents under […]

Read More

Virus attack! Hackers unleash social media worm after bug report ignored

Posted on February 20th, 2019 by Responsible Cyber

by Danny Bradbury What happens when you report a vulnerability to a website and it completely ignores your request, in spite of running a bug bounty program that’s supposed to pay for disclosures? Some hackers might just walk away, but a group of app developers in Russia chose another approach. They used the vulnerability to […]

Read More

How to update Windows 10 for side channel vulnerability fixes

Posted on February 20th, 2019 by Responsible Cyber

In January 2018, security news media was abuzz over a new class of vulnerability called side channel vulnerabilities. Spectre, Meltdown and Foreshadow are some of the best known. They exploit weaknesses in speculative execution in microprocessors to leak unauthorized information. Side channel vulnerabilities allow attackers to bypass account permissions, virtualization boundaries and protected memory regions. […]

Read More