by CIRT Team
New Privilege Escalation Flaw Affects Most Linux Distributions [source: thehackernews]
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an intermediary between client and user applications...
Read More
by CIRT Team
Amazon IoT operating system FreeRTOS has serious vulnerabilities [source: 360totalsecurity]
Recently, the researchers found that the popular Internet of Things (IoT) real-time operating system FreeRTOS has serious vulnerabilities. These vulnerabilities can allow hackers to break connected devices in smart homes or critical infrastructure systems, reveal information from device memory, and take over devices. Although patches have been released, the researchers alerted that updates from small vendors still take time. The researcher recently analyzed some of...
Read More
by CIRT Team
The latest variant of Satan ransomware is spreading in the wild [360totalsecurity]
Recently, 360 Security Center captured the latest variant of Satan ransomware and monitored that it has begun to spread in the wild. The new version of Satan has been updated to v4.2. After the attack is launched successfully, the file will be encrypted and the file suffix will be “sicck”. The amount of the extortion is one bitcoin. This is the activity of Satan ransomware...
Read More
by CIRT Team
685 million users may be affected by the Branch.io service XSS vulnerability [360totalsecurity]
Hundreds of million users may have been exposed to cross-site scripting (XSS) attacks due to vulnerabilities in the Branch.io services used by Tinder, Shopify, Yelp and many others. When the researchers analyzed Tinder and other applications, they found a Tinder domain, go.tinder.com, which had multiple XSS vulnerabilities. The researchers said that these vulnerabilities could be used to access Tinder users’ profiles. However, in most cases,...
Read More
by CIRT Team
Fake application disguised itself as Google Photos in Microsoft Store [360totalsecurity]
In May of this year, an app called “Album by Google Photos” was launched in the Microsoft App Store. Its developer, calling itself “Google LLC” (Google LLC). However, in fact, this is completely fake. Attentive people will know that the official Google app that was released before, its developer column is displayed as “Google Inc.” In view of its release for several months, Google has...
Read More
by CIRT Team
New iPhone Bug Gives Anyone Access to Your Private Photos [source: thehackernews]
A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The...
Read More
by CIRT Team
The Big Hack: How China Used a Tiny Chip to Infiltrate [source: bloomberg]
In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone...
Read More
by CIRT Team
New DanaBot Banking Malware Attack with Stealer and Remote Access [source: gbhackers]
New Banking malware called “DanaBot” actively attacking various counties organization with sophisticated evasion technique and act as a Stealer and ability to gain remote access from targeted victims machine. DanaBot content some evasion technique such as extensive anti-analysis features and targeting various countries including Poland, Italy, Germany, and Austria, Australia and mainly targeting organization in the U.S. DanaBot is a banking malware written in the Delphi...
Read More
by CIRT Team
Phishing Attacks Distributed Through CloudFlare’s IPFS Gateway [bleepingcomputer]
Yesterday we reported on a phishing attack that utilizes the Azure Blob storage solution in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs utilized by the same attacker, BleepingComputer noticed that these same bad actors are also utilizing the Cloudflare IPFS gateway for the same purpose. Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file...
Read More
by CIRT Team
Expert Discovered Passcode Bypass Vulnerability in iOS 12 [source: securereading]
Security expert discovered a critical vulnerability in iOS 12 which could allow attackers to access photos and contacts on a locked iPhone. Jose Rodriguez, a tech expert, discovered a passcode bypass vulnerability on the iOS 12 and latest iOS 12.1 beta operating systems. According to Rodriquez, the hack works on the latest iPhone XS and some of the other models also. The flaw allows attackers...
Read More
