News Clipping


CSRF Vulnerability in phpMyAdmin [source: securityaffairs]

The development team of phpMyAdmin has fixed a CSRF vulnerability in phpMyAdmin that could be exploited by attackers for removing items from shopping cart. Researcher Ashutosh Barot has discovered a critical CSRF vulnerability in phpMyAdmin that could be exploited by attackers to perform malicious operations like drop tables and delete records. phpMyAdmin developers released the version 4.7.7 that addresses the CSRF vulnerability found by Barot. “By deceiving a user to click on...



Make 2018 your year of taking password security more seriously [source: helpnetsecurity]

The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely. Choosing passwords: For one, avoid the most often used passwords. SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also...



Mirai Is Attacking Again, Outing Its Hilarious, Explicit C&C Hostnames [source: f5]

The Mirai botnet is kind of like Madonna. They both were huge once, and then the adoring public shifted their attention to younger, newer acts but they keep on performing anyway. We wrote about Mirai extensively after we predicted its construction in our first IoT report, DDoS’s Newest Minions: IoT Devices in 2016. Mirai has been in the news again recently. In December, Brian Krebs reported that two men had...



Ransomware Attacks Will Be More Devastating and Widespread [source: databreachtoday]

An analysis of how unprepared businesses are to fight back against the continued problem of ransomware is featured in the latest edition of the ISMG Security Report. Ed Amoroso, CEO of TAG Cyber and former CISO at AT&T, predicts ransomware attacks will be even more widespread and devastating in 2018, and that without the proper tools, businesses will scramble to recover. In the Security Report...



Attackers Target Winter Olympics by Weaponized Word Doc [source: infosecurity-magazine]

Security researchers have uncovered a sophisticated phishing campaign targeting organizations involved in the Pyeongchang Olympics with a weaponized Word doc, and using a range of obfuscation techniques to fly under the radar. The malicious document is written in fluent Korean and named “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”, according to McAfee. It was aimed at a number of organizations providing...



Backdoor Account Removed from Western Digital NAS HDD [source: bleepingcomputer]

A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easily exploitable and wormable hardcoded (backdoor) account. James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June...



Warning: Microsoft Fix Freezes Some PCs With AMD Chips [source: databreachtoday]

Organizations are scrambling to put in place fixes for the Meltdown and Spectre flaws as makers of operating systems, cloud services, mobile devices and more start to release patches. Meltdown and Spectre are flaws in many microprocessors that attackers could use to steal kernel data, including passwords and encryption keys. Security experts say all organizations should put mitigations in place as soon as possible, preferably starting...



Healthcare breaches by ransomware increase year-over-year [source: helpnetsecurity]

2017 has been a very challenging year for healthcare institutions as these organizations remain under sustained attack by cybercriminals that continue to target their networks. End of year research conducted by Cryptonite indicates that there were a total of 140 data breach events characterized and reported to HHS/OCR as IT/hacking in 2017 representing a 23.89% increase over the 113 IT/hacking events reported in 2016. The number of...



New Rules for Searching Electronic Devices by US CBP [source: bleepingcomputer]

The US Customs and Border Protection (CBP) agency published last week a new guideline containing updated procedures for searching travelers’ electronic devices at US borders. CBP, an agency part of the US Department of Homeland Security (DHS), last updated the guidelines in August 2009. New procedures rein in border searches: According to a 12-page set of rules and a 22-page privacy assessment, border agents can still search electronic...



Forever 21 Suffered 7-Month POS Malware Attack [source: databreachtoday]

Apparel retailer Forever 21 says point-of-sale systems in some of its stores were infected by malware for up to seven months, compromising shoppers’ payment card data. On Tuesday, Forever 21 issued an update on its investigation into the “payment card security incident” that it first announced in November. The retailer now says that an investigation conducted by a third-party incident response firm that it hired...


