CMS based sites such as WordPress and Joomla are the popular targets for cybercriminals, they hijack those sites and inject malicious contents. ThreatLabZ researchers detected a campaign that targets WordPress and Joomla sites to distribute Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages. Hackers use to hijack several hundreds of CMS sites and inject the Troldesh ransomware and phishing pages. All the compromised...
Read More
Apple on Monday released iOS 12.2 to patch a total of 51 security vulnerabilities in its mobile operating system that affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. A majority of vulnerabilities Apple patched this month reside in its web rendering engine WebKit, which is used by many apps and web browsers running on the Apple’s operating system. According...
Read More
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a “questionable” ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive...
Read More
Asus confirmed today that its Live Update utility has been indeed infected with malicious code by an advanced persistent threat (APT) group as part of a supply chain attack which managed to compromise some of its servers. “A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user...
Read More
With the spread of Ransomware, Both company and individual have suffered serious threats. 360 Security Brain has comprehensively monitored and defended against the ransomware. The feedback on anti-ransomware services increased slightly, mainly due to the addition of several popular ransomwares in this month. 360 Total Security Ransomware Decryption Tool added GandCrab ransomware (Version 5.0.4 and 5.1), Aurora ransom (suffixed with Aurora, desu, cryptoid), CrazyCrypt ransom...
Read More
Description: Cisco has released several security advisories to address vulnerabilities in multiple Cisco products : Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf Impact: A...
Read More
Description: Drupal has released security updates to address a vulnerability in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-004
Description: ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s:...
Read More
After 10 years, support for Windows 7 is coming to an end on January 14, 2020. We know change can be difficult, so we are here to help you with recommendations for what to do next and to answer questions about end of support. For more, click here.
Description: Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804