2018 – Page 11

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Haythem Elmir 7 ans ago

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the […]

Hacking

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Haythem Elmir 7 ans ago

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh […]

Hacking

Windows 10 October 2018 Update Build 17763.104 Released to Insiders With Fixes

Haythem Elmir 7 ans ago

Windows 10 October 2018 Update Build 17763.104 is now rolling out to the Insiders in the Slow and Release Preview Ring with important fixes. This build fixes issues with the Task Manager, third-party Antivirus products, and addresses driver compatibility issues experienced by some users. The update has finally fixed a bug […]

GALLMAKER : UNE CAMPAGNE DE CYBERESPIONNAGE NOUVELLEMENT DÉCOUVERTE

Haythem Elmir 7 ans ago

Une nouvelle attaque de cyberespionnage cible des institutions gouvernementales et militaires comme les ambassades de l’Europe de l’Est ou encore les institutions de défense militaires du Moyen-Orient. Baptisée Gallmaker, cette campagne d’attaques exploite des vulnérabilités au sein du protocole DDE et utilise des outils de piratage publiquement disponibles. Le protocole […]

Hacking

Oracle patches 301 vulnerabilities, including 46 with a 9.8+ severity rating

Haythem Elmir 7 ans ago

Yesterday, Oracle released its quarterly critical patch update (CPU) for Q3 2018, the October edition, during which the company fixed 301 vulnerabilities. Of the 301 flaws, 45 had a severity rating of 9.8 (on a scale of 10) and one even received the maximum 10 rating. Vulnerabilities that receive this severity […]

Hacking

Malicious RTF Documents Deliver Information Stealers

Haythem Elmir 7 ans ago

A newly discovered infection campaign is leveraging malicious RTF files to deliver information-stealing Trojans to the unsuspecting victims, Cisco Talos security researchers warn. As part of the attacks, the adversaries use a well-known exploit chain for malware delivery, but have modified it so it would not trigger anti-virus detection. The […]

Hacking

Malicious Redirects from NewShareCounts.com Tweet Counter

Haythem Elmir 7 ans ago

When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the new design came with a decision to nuke their beloved Tweet count feature. Social signals can be a huge credibility indicator for visitors and site content. Who doesn’t […]

Cybersecurity

TLS 1.0 and TLS 1.1 Being Retired in 2020 by All Major Browsers

Haythem Elmir 7 ans ago

In a coordinated announcement, Microsoft, Google, Apple, and Mozilla have stated that they will be retiring the TLS 1.0 and TLS 1.1 secure communication protocols beginning in 2020. TLS (Transport Layer Security) is a protocol that can be used to encrypt communication between your web browser and a web site […]

A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence

Haythem Elmir 7 ans ago

A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S. According to the Onslow Water and Sewer Authority (aka ONWASA) some internal systems were infected with the Emotet malware, but the regular water service was not impacted. […]

Hacking

Russia-linked APT group DustSquad targets diplomatic entities in Central Asia

Haythem Elmir 7 ans ago

Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. Earlier October, security experts from ESET shared details about the operations of a cyber espionage group tracked as Nomadic Octopus, a threat actor focused on diplomatic entities in Central Asia. The group has been active since […]