Cable Haunt is a vulnerability in millions of cable modems which allows an attacker to execute arbitrary code on the modem. This vulnerability is interesting for two reasons – firstly the scale due to the number of vulnerable devices and secondly how the vulnerability came about. Cable Haunt is a buffer overflow defect in theRead more
Blog
A remote code execution vulnerability has been discovered in SQLite, dubbed Magellan 2.0 by the research team that discovered it. Tencent’s Blade security research team has published some details of a remote code execution vulnerability that affects all version of SQLite prior to the latest patch issued on 13 December 2019. SQLite is a widely usedRead more
When Positive Technologies reported a serious flaw in a core element of the Citrix architecture just before Christmas, they predicted up to 80,000 businesses could be at risk. If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the Internet. This attack does not require access to any accounts, and thereforeRead more
In a statement posted on Twitter, Foreign Exchange specialist Travelex confirms that its systems had been subject to a cyberattack on New Years Eve and that many systems and services had been taken offline as a precaution. Four days into the incident, the main Travelex UK home page was still displaying an ASP.NET default errorRead more
The release of the final Star Wars movie this month has been accompanied by a surge in fake download sites offering early or free access to the film while really depositing malware onto fans computers. For organisations that allow employees to take laptops home for the holidays, this may pose an additional risk if theRead more
Researchers have identified new attack vectors which leverage the RDP drive sharing feature to perform fileless attacks and plant malware. A standard feature of the Microsoft RDP implementation is the ability to share a drive from the client machine. This appears as a network share to the server device at \\tsclient. An attacker who wasRead more
The North Korean Lazarus hacker group is targeting crypto-exchanges with innovative fileless Mac malware. Security researcher Patrick Wardle describes this new fileless Mac malware strain in a recent blog post. The malware infects the machine in a fairly standard two stage approach. The victim is first tricked into downloading an application for a new cyptocurrencyRead more
Researchers demonstrate how to extract secure keys from an Intel Trusted Platform Module in 4 minutes The Trusted Platform Module (or TPM) is a secure enclave within a computer that acts as a root of trust for the operating system and secure storage area for security keys. The TPM can be implemented either as aRead more
Publishing giant Nikkei has reported they have lost $29million in an email fraud. In a press release they said: In late September 2019, an employee of Nikkei America, Inc. (New York City, United States) (“Nikkei America”), a subsidiary of Nikkei Inc. (“Nikkei”), had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen)Read more
McAfee reports that a trio of malware kits are being actively used to target Office365 users. The phishing emails contain a clip of audio pretending to be from a voicemail intended for the recipient. A short clip of the audio can be played within the email which contains an urgent sounding ‘um hello?…’ The user isRead more
