Twitter, Reddit, Spotify, PSN, XBox, Netflix, Github, PayPal and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn DNS, a world renowned Domain Name Servers (DNS) service provider. You can read the most recent status messages at DynDNS. So far there [...]
Security researcher Patrick Wardle of Synack has discovered a new potential use of malware that targets the use of the Mac OS X webcam. This new attack allows OS X malware to record video and audio whenever a victim legitimately turns on their webcam, without drawing attention to itself. As you can see in the [...]
The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87 and Linux.DDoS.89. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers. It has similar features as Linux.BackDoor.Fgt, a backdoor that was found infecting Linux [...]
On Friday, Cisco published a high level security advisory CVE-2016-6415 for an IKEv1 Information Disclosure Vulnerability that affects multiple Cisco products including: Cisco IOS, Cisco IOS XR, and Cisco IOS XE. The vulnerability is in the IKEv1 packet processing code which could allow an unauthenticated remote attacker to retrieve memory contents, which could lead to [...]
Mozilla officials have announced that they plan to push a security update for their Firefox browser on Tuesday, September 20, 2016. This patch fixes the same cross-platform, malicious code-execution vulnerability patched Friday in the Tor browser. The Attack The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged [...]
Researchers at CyberArk have published a proof-of-concept attack that leverages Windows Safe Mode to expose credentials and gain further access to a PC or Windows Servers. They first discovered this attack back in February and even reported it to the Microsoft Security Response Center who said it was not a valid vulnerability. An attacker would [...]
JAMF Software has a number of solutions for fleet management of Apple products, including their own Apple MDM. The issue discussed in this post applies to the self-hosted JAMF Casper Suite and deploying a JSS. This suite of tools includes software that will help track inventory, manage devices, implement security policies, and deployment of software [...]
A security researcher by the name of Rob Fuller has posted an article on Softpedia where he has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested). He used USB ethernet adapters where he modified the firmware code so that it runs special software [...]
Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]
