Archive for April, 2019

While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse.

Storing passwords in plain text and harvesting email contacts have landed the firm in hot water — again.

The cyber-attack was first detected on 15 March 2019, when state-of-the-art security monitoring tools detected suspicious activity on Amnesty International Hong Kong’s local IT systems. Cyber security experts took immediate action to protect the systems and to commence an investigation into the attack.

Western countries are increasingly calling out malicious cyber activity by other nation states, and this naming and shaming can deter attacks and spur potential victims into improving their security planning, according to intelligence chiefs.

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility, which was featured in a Kim Zetter article on Motherboard. The topic was also one of the research announcements made at the SAS conference, which took place in Singapore on April 9-10, 2019. Now it is time to share more details about the research with our readers.

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control (C2). Since then, there have been several other public reports of additional DNSpionage attacks, and in January, the U.S. Department of Homeland Security issued an alert warning users about this threat activity.

A few days after the publication of our technical article related to the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier ongoing operation.

STUART — City officials on Wednesday confirmed a computer virus that infected servers over the weekend was the result of a ransomware attack.

The remote Oracle WebLogic server is affected by a remote code execution vulnerability (0day).


  • CVSS v3 7.1
  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: Rockwell Automation
  • Equipment: MicroLogix 1400 and CompactLogix 5370 Controllers
  • Vulnerability: Open Redirect