A clearer picture of the CCleaner backdoor incident

cyber

On Monday, Cisco and Piriform – the Avast-owned company behind the popular CCleaner utility – announced that certain versions of the software have been backdoored by hackers. To read the original article : https://www.helpnetsecurity.com/2017/09/19/ccleaner-backdoor-incident/?utm_source=dlvr.it&utm_medium=twitter

Alert Regarding Vulnerabilities in Apache Tomcat

cyber

On September 19, 2017 (US time), the Apache Software Foundation released information on vulnerabilities (CVE-2017-12615 and CVE-2017-12616) in Apache Tomcat. In the vulnerability CVE-2017-12615, when running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false), arbitrary code may be executed remotely […]

Locky is coming: Ransomware campaign uses Game of Thrones-themed scripting variables

cyber

A Lannister always pays his debts. And you, too, may have to pay up if you become infected with Locky ransomware, delivered in an email distribution campaign that uses Game of Thrones references in its scripting variables. In a company blog post on Friday, PhishMe intelligence analyst Victor Cornell describes recently discovered Locky threat campaign, noting that the […]

Linux IoT botnet retooled to send spam email

cyber

An IoT botnet has set its hooks in about 4,500 – 5,000 proxy devices to send spam emails which each device capable of sending 400 messages or a total of 1.8 million messages per day. The Linux.ProxyM first appeared in February 2017 and had peaked at 10,000 bots by July […]

PSA: New Microsoft Word 0day used in the wild

cyber

Microsoft has just patched an important vulnerability in Microsoft Word during its latest patch Tuesday cycle. According to the security firm that found it [1], this new zero-day (CVE-2017-8759) was used in targeted attacks to install a piece of malware known as FinFisher. Microsoft Office has been in the line of fire throughout the […]

ADOBE FIXES EIGHT VULNERABILITIES IN FLASH, ROBOHELP, COLDFUSION

cyber

Adobe fixed eight vulnerabilities across three products, including two critical memory corruption bugs and a critical XML parsing flaw, with its regularly scheduled update on Tuesday. RoboHelp for Windows, ColdFusion, and as usual, Flash Player, all received updates as part of the company’s Patch Tuesday security bulletins. Versions 26.0.0.151 and […]