Hackers Can Abuse Text Editors for Privilege Escalation

Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…

Malware ‘Cocktails’ Raise Attack Risk

Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports. It was good while it lasted. The drop in malware attack attempts seen in 2016 – from 8.19 billion in 2015 to 7.87 billion – is but a fond memory, as 2017 saw more than…

Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries

Healthcare has become the second largest sector of the U.S. economy, accounting for 18% of gross domestic product (GDP) in 2017, and is rivaled only by the U.S. Federal Government’s 20% share of GDP in the same year. Not surprisingly, IT spending in healthcare is keeping pace, reaching $100 billion in 2017. As healthcare sector technology spending grows, so does the sector’s…

A view of the global threat landscape: Cybercrime and intrusion trends

Established and well-resourced cyber operations will continue to innovate, developing new methods of distributing crimeware and incorporating advanced tactics to infiltrate, disrupt and destroy systems, according to a new report by CrowdStrike. “We’ve already seen cyber adversaries launch massive, destructive attacks that render organizations inoperable for days or weeks. Looking ahead, security teams will be under…

Google Researcher Finds Critical Flaws in uTorrent Apps

Google researcher Tavis Ormandy discovered several critical vulnerabilities in the classic and web-based versions of BitTorrent’s uTorrent application. Patches have been released, but it appears that not all flaws have been fixed properly. Ormandy found that the uTorrent Classic and the uTorrent Web apps create an HTTP RPC server on ports 10000 and 19575, respectively….

7 steps security leaders can take to deal with Spectre and Meltdown

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer…

Cisco Aware of Attacks Exploiting Critical Firewall Flaw

Cisco informed customers on Wednesday that it has become aware of malicious attacks attempting to exploit a recently patched vulnerability affecting the company’s Adaptive Security Appliance (ASA) software. No other information has been provided by the networking giant, but it’s worth noting that a proof-of-concept (PoC) exploit designed to cause a denial-of-service (DoS) condition on devices running…

The Time to Focus on Critical Infrastructure Security is Now

The world has once again been reminded that the threat of cyber attacks on critical infrastructure systems remains very real. Last month, Britain’s defense secretary, Gavin Williamson, iterated that Russia held the potential for wide disruption and “thousands of deaths” through such attacks. His announcement was the latest indication of increased chatter regarding attacks on critical infrastructure,…

Macro-less malware: The cyclical attack

Last year, attackers linked to the Russian hacking group APT28 (sometimes called Fancy Bear) started hacking like it’s 1999 with Microsoft Word-based malware that doesn’t trigger security warnings along the way. These types of attacks are called “macro-less malware” because they bypass the security warnings added to Microsoft Office programs in response to traditional macro…