by CIRT Team
Fake application disguised itself as Google Photos in Microsoft Store [360totalsecurity]
In May of this year, an app called “Album by Google Photos” was launched in the Microsoft App Store. Its developer, calling itself “Google LLC” (Google LLC). However, in fact, this is completely fake. Attentive people will know that the official Google app that was released before, its developer column is displayed as “Google Inc.” In view of its release for several months, Google has...
Read More
by CIRT Team
New iPhone Bug Gives Anyone Access to Your Private Photos [source: thehackernews]
A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The...
Read More
by CIRT Team
Microsoft Releases Security Update
Description: Microsoft has released a security update to address a vulnerability in the Yammer desktop application. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569
by CIRT Team
libssh 0.8.4 and 0.7.6 Security and Bugfix Release
Description: libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
by CIRT Team
Drupal Releases Security Updates
Description: Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.drupal.org/sa-core-2018-006
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://tools.cisco.com/security/center/publicationListing.x
by CIRT Team
Oracle Releases October 2018 Security Updates
Description: Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
by CIRT Team
Advisory on PHP Vulnerabilities
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
Read More
by CIRT Team
The Big Hack: How China Used a Tiny Chip to Infiltrate [source: bloomberg]
In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone...
Read More
by CIRT Team
New DanaBot Banking Malware Attack with Stealer and Remote Access [source: gbhackers]
New Banking malware called “DanaBot” actively attacking various counties organization with sophisticated evasion technique and act as a Stealer and ability to gain remote access from targeted victims machine. DanaBot content some evasion technique such as extensive anti-analysis features and targeting various countries including Poland, Italy, Germany, and Austria, Australia and mainly targeting organization in the U.S. DanaBot is a banking malware written in the Delphi...
Read More
