Tenafly High School has informed parents earlier this month that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. The New Jersey-based high school has not named the student but said it informed authorities, and law enforcement is currently handling the investigation. According to reports in local media [1, 2], the teen...
Read More
PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for...
Read More
Sophos releases its 2018 Malware Forecast today, and the big takeaway is this: ransomware remains a huge problem for companies and isn’t going away. In 2017, attackers further perfected their ransomware delivery techniques, leading to global outbreaks such as WannaCry, NotPetya and, most recently, Bad Rabbit. Though most ransomware is hitting Windows users, it’s clear that people aren’t immune if they use other platforms, including mobile devices. A prime example is the...
Read More
Advanced Persistent Threat (APT) একধরনের সাইবার আক্রমন যার দ্বারা সাইবার আক্রমণকারীরা বা নেটওয়ার্কে অবৈধ অনুপ্রবেশকারী বা অবৈধ অনুপ্রবেশকারীদের দল, কম্পিউটার ব্যবহারকারী বা সিস্টেম অ্যাডমিনদের অজান্তে, কম্পিউটার নেটওয়ার্কে দীর্ঘসময় উপস্থিত থেকে ও ক্রমাগত কম্পিউটার হ্যাকিং প্রসেস (processes) দ্বারা টার্গেট নেটওয়ার্কে আক্রমণ করে। এর মাধ্যমে অত্যন্ত সংবেদনশীল তথ্য (highly sensitive data) বা মেধা সম্পত্তি (Intellectual property) চুরি করা , Critical অবকাঠামোগুলির ব্যাপক ক্ষয়ক্ষতি সাধন (যেমন, ডাটাবেস মুছে...
Read More
Description: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Impact: Attackers can exploit...
Read More
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
Description: Multiple Cisco WebEx Products are prone to the following security vulnerabilities: Multiple remote code-execution vulnerabilities Multiple denial-of-service vulnerabilities Impact: An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. These issues are being tracked by Cisco Bug IDs- CSCve02843 CSCve10584 CSCve10591 CSCve10658 CSCve10744 CSCve10749 CSCve10762...
Read More
Clarkson, one of the world’s largest providers of shipping services publicly disclosed a security breach. Clarkson confirmed the hackers may release some of the stolen data, it hasn’t provided further details due to the ongoing law enforcement investigation. The information disclosed by the company suggests cyber criminals blackmailed the company requesting the payment of a ransom in order to avoid having its data leaked online. According to Clarkson,...
Read More
Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser. The most impacted by this change are antivirus and other security products that often inject code into the user’s local browser process to intercept and scan for malware, phishing pages, and other threats. Google says these changes will take place in three main phases over the next 14...
Read More
