Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

Posted on May 31st, 2019 by Responsible Cyber

Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few “selected” smartphones by simply calling the targeted phone numbers over Whatsapp audio call.Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the […]

Read More

Vulnerability Leaves Container Images Without Passwords

Posted on May 31st, 2019 by Responsible Cyber

A old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store. Nearly one in five of the most popular containers available on the Docker store have no password for root access. That’s the finding of researcher Jerry Gamblin, building on work by researchers […]

Read More

Insight Partners Acquires Recorded Future

Posted on May 31st, 2019 by Responsible Cyber

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2019-12495 PUBLISHED: 2019-05-31An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. CVE-2019-12496 PUBLISHED: 2019-05-31An issue was discovered in Hybrid Group Gobot […]

Read More

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

Posted on May 23rd, 2019 by Responsible Cyber

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update.However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles.In a security advisory […]

Read More

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Posted on May 23rd, 2019 by Responsible Cyber

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls.Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects multiple Cisco products that […]

Read More

How to implement and use the MITRE ATT&CK framework

Posted on May 23rd, 2019 by Responsible Cyber

Mitigating security vulnerabilities is difficult. Attackers need to exploit just one vulnerability to breach your network, but defenders have to secure everything. That’s why security programs have been shifting resources toward detection and response: detecting when the bad guys are in your network and then responding to their actions efficiently to gather evidence and mitigate […]

Read More

WhatsApp Vulnerability Fixed – Schneier on Security

Posted on May 23rd, 2019 by Responsible Cyber

WhatsApp Vulnerability FixedWhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, […]

Read More

New Software Skims Credit Card Info From Online Credit Card Transactions

Posted on May 23rd, 2019 by Responsible Cyber

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2018-7201 PUBLISHED: 2019-05-22CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. CVE-2018-7803 PUBLISHED: 2019-05-22A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted […]

Read More

Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours

Posted on May 23rd, 2019 by Responsible Cyber

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities.The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11.Just yesterday, while releasing a Windows 10 zero-day […]

Read More

NSA-Inspired Vulnerability Found in Huawei Laptops

Posted on March 30th, 2019 by Responsible Cyber

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique. What is less clear is […]

Read More