Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month.
As you have probably heard, a group known as the Shadow Brokers released a large cache of Windows tools and exploits. One of the exploits installs a kernel-mode implant known as DOUBLEPULSAR. There have been several good articles written on DOUBLEPULSAR already, so I won't repeat that work here.
Just like Wifatch and Hajime, the BrickerBot malware is the work of a vigilante grey-hat, who goes online by the name of Janit0r, a nickname he chose on the Hack Forums discussion boards.
The future of client-side malware attacks is fileless, and it would appear that future has arrived: a growing number of attacks use fileless or in-memory malware, posing a threat to businesses that is increasingly difficult to neutralize.
Hyundai Motor America has patched a vulnerability in its Blue Link mobile application that exposed personal and vehicle information to an attacker. Updated versions of the app (3.9.6) were released to Google Play and the Apple App Store on March 8, a little more than one month after Rapid7 learned about the vulnerabilities from independent researchers Will Hatzer and Arjun Kumar.
Exploits for two patched Android privilege escalation vulnerabilities were published today by security company Zimperium. These are the first publicly released submissions from its N-Days Exploit Acquisition Program, which began in February and had among its stated goals to encourage researchers to develop proof-of-concept exploits that would force carriers and handset makers to improve Android patch delivery.
Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected cross-site scripting (XSS) attacks (CVE-2017-3008). They also include an updated version of Apache BlazeDS to mitigate a Java deserialization vulnerability (CVE-2017-3066).
Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below.
The xDedic marketplace is a prominent cybercriminal marketplace on the dark web, known for selling access to compromised Remote Desktop Protocol (RDP) servers. RDP is Microsoft's proprietary protocol that gives users a graphical interface for connecting to another computer over a network connection.
Pawn Storm, also known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM, is an active cyber espionage organization that has been very aggressive and ambitious in recent years. Pawn Storm's activities show that foreign and domestic espionage and influence on geopolitics are the group's main motives, with targets that include armed forces, the defense industry, news media, and politicians.