Monitoring cyberthreats over time reveals interesting insights into the strategies used by cybercriminals and the evolution of the attack vectors they target. While the threat landscape continues to be quite diversified, trends do seem to run in predictable cycles. For example, over the last year or so ransomware has risen to become one of the …
Two major Canadian banks informed customers on Monday that they launched an investigation after hackers claimed to have obtained personal and account information as a result of a data breach. The targeted organizations are the Bank of Montreal (BMO) and Simplii Financial, the direct banking brand of the Canadian Imperial Bank of Commerce (CIBC). Both …
The European Union’s new data protection laws came into effect on Friday, with Brussels saying the changes will protect consumers from being like “people naked in an aquarium”. The EU’s so-called General Data Protection Regulation (GDPR) has been blamed for a flood of spam emails and messages in recent weeks as firms rush to request …
Talos has reported that a sophisticated modular malware system known as VPNFilter has a destructive capability that can make the affected device unusable. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment as well as QNAP network-attached storage (NAS) devices. In addition, compromised devices may be vulnerable to the …
Cisco has released a security update stating that a vulnerability in Cisco Digital Network Architecture (DNA) Center which could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials.This is due to the presence of undocumented, static user credentials for the default …
Mozilla has released a security update stating that multiple vulnerabilities have been identified in Mozilla Thunderbird: a) Multiple memory corruption vulnerabilities which could result in arbitrary code execution – (CVE-2018-5150). b) A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash – (CVE-2018-5154). c) …
The Internet Systems Consortium (ISC) has released a security update stating that A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause …
Microsoft has released a security update stating that multiple vulnerabilities have been discovered in Microsoft Office PowerPoint and Excel for Mac where an attacker could entice a victim to open a specially crafted file using the affected application where Microsoft Office PowerPoint and Excel for Mac fails to properly handle objects in memory. Details of …
VMware has released a security update stating that VMware NSX SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks as successful exploitation of this issue could result in remote code execution. Further information on this …
Mozilla has released a security update stating that the following vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR): a) A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension …