by CIRT Team
Adobe Releases Security Updates
Description: Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. This update resolves an important session token exposure vulnerability. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/connect/apsb19-05.html https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html
by CIRT Team
NASA Warns Employees of Personal Information Breach [thehackernews]
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked. In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed to gain access to...
Read More
by CIRT Team
The Clickjacking Bug that Facebook Won’t Fix [bleepingcomputer]
A security professional exposed to a spam campaign on Facebook discovered the method used by the perpetrator and submitted a report through the company’s bug bounty program. The issue still exists because Faceboook dismissed it on on the grounds that it does not change the state of the account. Proof-of-concept code demonstrates how easy it would be for an app developer to distribute arbitrary links...
Read More
by CIRT Team
Double-Gun Trojan which uses game plug-in to spread [360totalsecurity]
In July 2017, 360 Security Center discovered the first virus Trojan infected with MBR and VBR. It was named “Double- Gun”. In the following year, we found that the virus author frequently updated the virus version to increase the profitability and ability to fight against security software, and the virus transmission channels are constantly changing. Recently, we found that the latest version of the “Double-Gun”...
Read More
by CIRT Team
Hackers Intercepted EU Diplomatic Cables for 3 Years [bankinfosecurity]
For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reported late Tuesday. The attack was discovered by Area 1, an anti-phishing firm based in Redwood City, California, that was founded in 2013 by three former National Security Agency officials....
Read More
by CIRT Team
WordPress Releases Security Update
Description: WordPress 5.0 and prior versions are affected by multiple vulnerabilities. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
by CIRT Team
Microsoft Releases Out-of-Band Security Updates
Description: Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653 https://www.kb.cert.org/vuls/id/573168/
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc
by CIRT Team
The new findings of GrandCrab ransomware V5.0.5 [source: 360totalsecurity]
Recently, 360 Security Center detected that the GandCrab ransomware is back to attack Windows-based servers and PCs. We also found that if it detects that the computer system is using the Russian language, it will stop intruding. Not only that, but we also recently discovered that the GrandCrab ransomware will stop invading war-torn areas. On 16th October, a Syrian user said on Twitter that GandCrab...
Read More
by CIRT Team
Microsoft is Rebuilding Edge Browser using Chromium for Windows & macOS[bleepingcomputer]
Microsoft has officially confirmed that they are going to be gutting Edge and converting it into a Chromium based browser. While the engine will change, Microsoft has stated that they will continue utilizing the Microsoft Edge name and will now bring the browser to all supported Windows platforms. Microsoft explains that they plan on switching Edge to a Chromium-based engine in order to provide better...
Read More
