Category

Threat Advisory
NewsNow Hacked: User Passwords Exposed
NewsNow, the popular news aggregation site, just suffered a huge data breach that may have resulted in exposing their users’ encrypted passwords. The news aggregator failed to mention anything about the breach on its site or on any of its social media accounts. It is reportedly notifying affected customers via email: “We are writing...
IBM WebSphere is a software framework and middleware that hosts Java-based web applications. This means that it’s similar to Adobe’s Flash Player, in that it allows Java-based applications to run in a web browser. It also means that, since it hosts Java-based content, any and all information on sessions involving such applications will be recorded until the next time the Java application is accessed.

The threat is carried out by inserting Java-based code into a running application, and this code is enough to send copies of the information that has been input to a different location. For example: you’re playing a Java-based game in your browser and make an in-game purchase. For the purchase to take effect, you have to enter your credit card information, as well as other personal information that they will keep on file. If the vulnerabilities in WebSphere have been exploited, code has already been inserted into the page where you enter that information, and it sends copies of it to a location the perpetrator has access to, immediately putting your financial security at risk. This is a form of injected phishing that targets a specific platform, and millions have been victims of such activity.

The reported affected versions of WebSphere are as follows:
IBM WebSphere Application Server 9.0 versions prior to 9.0.0.10, with an interim fix on version 9.0.0.9 that has since been attacked
IBM WebSphere Application Server 8.5 versions prior to 8.5.5.15, with an interim fix on version 8.5.5.14 that has since been attacked
IBM WebSphere Application Server 8.0 versions prior to 8.0.0.15
IBM WebSphere Application Server 7.0 versions prior to 7.0.0.45

The interim fixes have been attacked primarily due to government institutions making use of this platform.

This issue is due to the unsafe handling of Java object deserialization through the SOAP connector. An attacker can exploit this issue by sending a specially crafted object through the SOAP connector. Upon successful exploitation, the attacker gains full privileges on the platform, which allows them to edit, create, delete and export data with no restrictions. That’s a major threat.

There are several preventive measures that we can apply to try and mitigate the damage this can cause:
Upgrade to the latest version of IBM WebSphere Application Server
Verify no unauthorised system modifications have occurred before applying any patches
Apply the principle of Least Privilege to all systems and services
Remind users not to visit websites or follow links that come from untrusted sources

These are not absolute fixes, but they can help reduce the risk of being exposed to this vulnerability. Until IBM designs a vaccine for this threat, this would be our best course of action.
Cobalt Threat Group Dishing Out SpicyOmelette
Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware – targeting banking and other financial institutions worldwide. Cyberattacks against banks and their clients alike are spreading and evolving in nature and complexity – it is often financial institutions which bear the burden. Banking customers being deceived by fraudulent schemes or those that become...
Zero-day Exploit for Microsoft's Windows 10 Revealed – No Patch Yet
A talented Microsoft bug hunter with an affinity for public disclosures via Twitter has openly dropped another Windows 10 zero-day flaw. The researcher, who goes by the alias SandboxEscaper, says the bug is present in the code handling advanced local procedure calls (ALPCs). It can be abused by...
The Dark Web Exposed New Sale of Pakistani Banks Credit Card Dumps
Security experts have just discovered another rather large set of compromised payment card details that was put on sale on Joker’s Stash, one of the most popular underground hubs of stolen card data, on Nov. 13. The new set of dumps, unauthorized digital copies of the information contained in the magnetic stripe of a bank card,...
Hackers Found Selling Pakistani Bank Data on the Dark Web
Malicious threat actors have apparently figured out how to steal funds from almost every bank in Pakistan, in a stunning and unexpected development. The massive financial breach was confirmed by the executive of cybercrimes at Pakistan’s Federal Investigation Agency, wing Captain (retd) Mohammad Shoaib, various local news outlets reported. The hackers have allegedly figured out...
Drupalgeddon 2: A Postmortem Analysis for Drupal’s Major Security Breach
Background: Just months ago, Drupal, one of the most famous Content Management Systems (or CMS) along with WordPress and Joomla, sparked a lot of controversy over how easy it allegedly is for threat actors to compromise its system. We’re referring to what happened last March, when two vulnerabilities, (CVE-2018-7600) and (CVE-2018-7602),...
Trusted SSL/TLS Certificates: The New Tool for Domain Spoofers
The holiday season is fast approaching – this is just the perfect opportunity for cybercriminals to scam shoppers out of their hard-earned money. According to Experian data, online shopping fraud attacks rose 30 percent in 2017 from 2016. Online shoppers can be totally duped in a number of unexpected ways – phishing emails may be...
The Panda Banking Trojan Now Targeting the US, Japan & Canada
The Panda Banker is a banking Trojan that seems to be related to the Zeus Trojan. The Panda Banker, a recently uncovered banking Trojan, is related to one of the most famous and destructive banking Trojans in history. Zeus is quite an old threat that has spawned countless imitators. The Panda Banker is used to...
LoJax: The First Ever UEFI Rootkit Released
Researchers from ESET who discovered the rootkit say this is the first time researchers have successfully detected an actively exposed rootkit that exploits the UEFI, or Unified Extensible Firmware Interface, the specification that defines a software interface between an operating system and platform firmware. By injecting itself this deeply into the computer, the attackers hope to achieve...