2018, Data, Information Security and Security - Information Management Today

2018

Data

Information Security

Security

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can lead to arbitrary code execution in the context of the current user.

IT Cybersecurity Risk Security

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). On compromised ASA devices, attackers utilize the host-scan-reply field to deliver shellcode, bypassing the need for CVE-2018-0101 exploitation. PSIRT and Talos launched an investigation to support the customer.

IT Authentication Access Security

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Trending Sources

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

Hunton Privacy

JANUARY 19, 2021

On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The new draft Guidelines take into account supervisory authorities’ common experiences with data breaches since the GDPR became applicable in May 2018.

Data breaches

Data breaches Personal data GDPR Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Microsoft. Pierluigi Paganini.

IT IoT Cybersecurity Authentication

xHunt hackers hit Microsoft Exchange with two news backdoors

Security Affairs

NOVEMBER 9, 2020

Security experts from Palo Alto Networks have spotted two never-before-detected Powershell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor tracked as xHunt , aka Hive0081, which was first discovered in 2018. <C2 domain>.

Communications

Communications Access Government Encryption

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

Security Affairs

APRIL 6, 2020

According to the BGPmon.net , starting from 2020-04-01 19:27:28 its service detected a possible BGP hijack, the prefix involved is 31.13.64.0 /19, The phenomena were also monitored by security firm Qrator Labs, below and excerpt from its analysis. In November 2018, security researchers Chris C. The prefix 31.13.69.0/24

IT Cloud Paper Marketing

MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

Security Affairs

JUNE 10, 2019

Security experts at Trend Micro report that the MuddyWater APT group (aka SeedWorm and TEMP.Zagros ), has used an updated multi-stage PowerShell backdoor in recent cyber espionage campaigns. The macro was used to drop a VBE file that holds a block of data containing an obfuscated PowerShell script. . Pierluigi Paganini.

IT Phishing Government Security

Identity-based Cryptography

Thales Cloud Protection & Licensing

SEPTEMBER 26, 2019

The protocol seems to have been deployed in UK emergency services from 2018 [17,18]. 8,9]) combines signature and encryption in a secure way, providing efficient joint authentication and encryption. Suppose a user Alice works at Thales e-Security in Cambridge. For more information, please visit our Horizons research website.

e-Delivery

e-Delivery Encryption Authentication Government

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. That malware is known as FlawedAmmyy RAT and was discovered by Proofpoint researchers in March 2018. Technical Analysis. A deeper dive.

File names

File names Phishing Libraries IT

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. As Stuart Brand said back in 1984 “information wants to be free.”

Manufacturing

Manufacturing Agriculture IT Access

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Webinars

Trending Sources

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

Webinars

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

xHunt hackers hit Microsoft Exchange with two news backdoors

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

Identity-based Cryptography

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

The Hacker Mind Podcast: The Right To Repair

Stay Connected