Author Archives: CIRT Team




in Security Advisories & Alerts

Cisco Releases Security Update

Description: Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal

30 Aug 2018
in News Clipping

GlobeImposter which has more than 20 variants, is still wildly growing [source: 360totalsecurity]

Recently, 360 Security Team found that a new variant of the GlobeImposter ransomware family is actively spreading worldwide and has affected a great number of users. Moreover, the attack is expected to be more serious in the future. GlobeImposter can be seen as one of the most powerful ransomware families of recent years. It uses a high-intensity algorithm for encryption. Once the files are encrypted, it is almost...

30 Aug 2018
in Security Advisories & Alerts

Microsoft Windows task scheduler Vulnerability in the ALPC interface

Description: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://www.kb.cert.org/vuls/id/906424

30 Aug 2018
in News Clipping

Ransomware disguised as Windows Activator is emerging in the wild [source: 360totalsecurity]

Windows Activator has been a popular tool for attackers to spread Trojan viruses. Recently, 360 Security Center found a new kind of ransomware, which was spread by disguising itself as a Windows Activator. Through our precise analysis, we found this ransomware has a hidden configuration function, which can view and modify the key and prompt information used for encryption, and also obtain key decryption through this...

26 Aug 2018
in News Clipping

Confessions of a former hacker: 5 techniques to make you more secure online [source: yahoo]

Consumers are daily targets of email and phone scams, not to mention the frequent cyberattacks on big data. So it’s never been more important to safelock your online security as best as you can. “The scams are changing everyday and consumers aren’t knowledgeable about the new scams that are going to be used against them,” says Kevin Mitnick, top cybersecurity expert and author of “The Art of...

26 Aug 2018
in News Clipping

Turla backdoor leverages email PDF attachments as C&C mechanism [source: securityaffairs]

Malware researchers from ESET have published a detailed report on the latest variant of the Turla backdoor that leverages email PDF attachments as C&C. Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. Turla is the name of a Russian cyber espionage...

26 Aug 2018
in News Clipping

Bitdefender spotted Triout, a new powerful Android Spyware Framework [source: securityaffairs]

Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. Bitdefender researchers have identified a new spyware framework that can be used to spy into Android applications; it is tracked as Triout and first appeared in the wild on May 15. The researchers revealed that the command and control (C&C) server has been running since May 2018...

26 Aug 2018
in Security Advisories & Alerts

Apache Releases Security Update for Struts 2

Description: The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://cwiki.apache.org/confluence/display/WW/S2-057

26 Aug 2018
in Security Advisories & Alerts

Adobe Releases Security Updates

Description: Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://helpx.adobe.com/security/products/photoshop/apsb18-28.html

26 Aug 2018
in Security Advisories & Alerts

Ghostscript Sandbox Bypass Vulnerabilities

Description: Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://www.kb.cert.org/vuls/id/332928

26 Aug 2018