News

Thunderclap Flaws Shatter Peripheral Security

Kapersky Labs - Wed, 27/02/2019 - 15:45
Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals.
Categories: News

Running Elasticsearch 1.4.2 or earlier? There's targeted malware going for your boxen

The Register - Wed, 27/02/2019 - 13:59
Yes it's years out of date but there's no such thing as security through obscurity

Cisco's security limb has spotted nefarious people targeting Elasticsearch clusters using relatively ancient vulns to plant malware, cryptocurrency miners and worse – though it does root out some other cybercrims’ dodgy wares, cuckoo-style.…

Categories: News

Bronze Union APT Updates Remote Access Trojans in Fresh Wave of Attacks

Kapersky Labs - Wed, 27/02/2019 - 12:30
The China-linked threat group has returned in 2018 using updated RATs to launch its attacks, including ZxShell, Gh0st RAT, and SysUpdate malware.
Categories: News

Protect you and your biz by learning the tricks of cyber criminals' trade at SANS London in March

The Register - Wed, 27/02/2019 - 08:02
Choose between 10 intensive training courses

Promo  However sophisticated computer systems become, skilled and determined cyber criminals manage to find endless new and more ingenious ways of breaking in to steal data or hold organisations to ransom.…

Categories: News

Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware

The Register - Wed, 27/02/2019 - 06:08
Honey, I've shrunk the spyware and concealed it with speculative execution

Spectre – the security vulnerabilities in modern CPUs' speculative execution engines that can be exploited to steal sensitive data – just won't quietly die in the IT world.…

Categories: News

You've got Thunderclap! macOS, Windows pwnage via peripherals is back in black

The Register - Tue, 26/02/2019 - 22:40
Open memory defenses allow mischief from connected kit

Computers have enough trouble defending sensitive data in memory from prying eyes that you might think it would be unwise to provide connected peripherals with direct memory access (DMA).…

Categories: News

Up up and Huawei in my beautiful buffoon: Trump sparks panic by tying tech kit ban, charges to China trade negotiations

The Register - Tue, 26/02/2019 - 22:05
National security, sanctions allegations, pfft, you don't understand the art of the deal

Efforts to pressure the White House into banning Huawei hardware from America's networks may have backfired.…

Categories: News

Latest 4G, 5G phone-location slurp attack is a doozy, but won't Torpedo Average Joe or Jane

The Register - Tue, 26/02/2019 - 19:34
Needs manpower, bags of time, full knowledge of target

Analysis  A group of infosec researchers have uncovered neat ways to track a phone's location via 4G or 5G. However, the mechanics of the surveillance, while fascinating, are difficult to pull off for all but the most determined foe.…

Categories: News

‘Cloudborne’ IaaS Attack Allows Persistent Backdoors in the Cloud

Kapersky Labs - Tue, 26/02/2019 - 18:46
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.
Categories: News

Harassment, hate and bile, suicide instructions for kids... anything else social media's good at? Ah yes, cybercrime

The Register - Tue, 26/02/2019 - 18:04
Businesses as well as ordinary punters hit by viral nasties

Antisocial media sites like Facebook, LinkedIn, Twitter, and YouTube aren't merely inciting hatred, enabling discrimination, driving content moderators to the brink, and showing kids how to commit suicide. They're also making cybercrime more practical and profitable, at the expense of law-abiding internet users.…

Categories: News

High-Severity SHAREit App Flaws Open Files for the Taking

Kapersky Labs - Tue, 26/02/2019 - 16:33
SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim's device.
Categories: News

Critical WinRAR Flaw Found Actively Being Exploited

Kapersky Labs - Tue, 26/02/2019 - 14:51
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.
Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News