/ Security News /

It’s Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary …

/ Government Security Alerts /

Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic …

/ Security News /

The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be …

/ Government Security Alerts /

Since at least late 2016, HIDDEN COBRA actors have used FASTCash tactics to target banks in Africa and Asia. At the time of this TA’s publication, the U.S. Government has not confirmed any FASTCash incidents affecting institutions within the United States. FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. …

/ Security News /

India-linked highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article, earlier this month researchers at Talos threat intelligence unit discovered a group of Indian hackers abusing mobile …

/ Security News /

Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang. Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware. Lukitus Campaign Sends 23 Million Emails in 24 Hours The campaign spotted by researchers at AppRiver …

/ Security News /

As a presidential candidate Donald Trump, along with his surrogates and children Donald Trump Jr. and Eric Trump, pledged to defend American institutions, government organizations, and businesses from cyberattacks and hackers. But as is frequently the case with political campaigns confronted with the hard realities of governing, the Trump administration has stumbled regarding cybersecurity policy. …

/ Security News /

When John Carlin was working for the US government, he encountered what seemed like a normal, small-time cybersecurity attack. But it turned out to be so much more. In what appeared to be an unsophisticated attack, a hacker stole a small amount of information from a US company—including names and addresses—and demanded $500 in Bitcoin …

/ Security Assessments News /

Enlarge / TOPSHOT – French newly elected president Emmanuel Macron (C) poses with a woman for a selfie picture as he leaves the hairdresser on May 9, 2017, in Paris. Macron’s campaign mounted a digital defense against an apparent Russian phishing campaign by creating large numbers of fake e-mail accounts filled with garbage documents. PATRICK …

/ Security Assessments News /

Enlarge / A phishing e-mail aimed at worker rights activists in Qatar and Nepal crafted to fool targets into giving up their credentials. Amnesty International Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a “phishing” campaign that attempted to steal the Google credentials …