New Spectre attack enables secrets to be leaked over a network
It’s no longer necessary to run attacker code on the victim system. When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as…
Leafminer cyber espionage group targets Middle East
Hackers belonging an Iran-linked APT group tracked as ‘Leafminer’ have targeted government and various organizations in the Middle East. An Iran-linked APT group tracked as ‘Leafminer’ has targeted government and businesses in the Middle. According to the experts from Symantec, the Leafminer group has been active at least since early 2017….
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M
Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to…
Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code
Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability. The security bug at the heart of these hacking attempts is CVE-2018-2893, a vulnerability in a component of the…
SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by…
Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen
Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5…
Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router
A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router. The victim of the hack is PIR Bank, which lost at least $920,000 in money it had stored in a corresponding…
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products
Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws…
Russia’s national vulnerability database is a bit like the Soviet Union – sparse and slow
Russia’s vulnerability database is much thinner than its US or Chinese counterparts – but it does contain a surprisingly high percentage of security bugs exploited by its cyber-spies. Recorded Future’s Priscilla Moriuchi and Dr Bill Ladd found the database is highly focused yet incomplete, slow…
Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine
Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine). Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in…
Stay connected