World of Warcraft phish campaign lures victims with free pet
A phishing campaign currently in circulation is attempting to bait World of Warcraft with the promise of free in-game pets. We’ve seen two variations on this so far, and it’s possible there’s more. Both of the below examples lead to the same phishing URL. As great as the promise of some free content is, this…
Explained: Packer, Crypter, and Protector
In this article, we will try to explain the terms packer, crypter, and protector in the context of how they are used in malware. Bear in mind that no definitions for these categories are set in stone and that they all have overlap and that there are exceptions to the rules. But this is the…
Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago
The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday. The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed “Vault 7,” containing hitherto…
Apple: CIA’s Mac, iPhone Vulnerabilities Already Patched
Apple’s initial analysis of the iPhone and Mac exploits disclosed by WikiLeaks on Thursday shows that the vulnerabilities they use have already been patched. The company told WikiLeaks to send the information it possesses through the regular submission process. WikiLeaks’ second “Vault 7” dump, dubbed by the organization “Dark Matter,” includes documents describing tools allegedly…
Microsoft Patches Many Exploited, Disclosed Flaws
Microsoft has released a total of 18 security bulletins to address tens of vulnerabilities, including more than a dozen that have already been publicly disclosed or exploited in attacks. The March 2017 updates also include the patches that should have been released last month. Microsoft postponed most of the February security updates – except the…
Actively Exploited Struts Flaw Affects Cisco Products
Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…
In a Cybersecurity Vendor War, the End User Loses
When vulnerability information is disclosed without a patch available, users are the ones really being punished. Rarely do you see corporations clash over vulnerability disclosures. It’s almost an unwritten rule that a business wouldn’t participate in improper vulnerability disclosures, but Google has decided to go head-to-head with Microsoft in the release of information after 90…
Temporary Fix Available for Windows GDI Vulnerability
A temporary fix is available for the Windows Graphics Device Interface (Windows GDI) vulnerability that was disclosed a couple of weeks ago. The flaw was initially discovered by Mateusz Jurczyk, an engineer with Google’s Project Zero team, in March 2016, along with other issues in the user-mode Windows GDI library (gdi32.dll). Microsoft attempted to resolve…
Rockstar Games Launches Public Bug Bounty Program
Rockstar Games this week launched a public bug bounty program through HackerOne, after running it in private mode for more than nine months. On the program’s page, the company reveals that the minimum bounty for successful vulnerability submissions is $150, but that researchers can get higher rewards, depending on the severity and complexity of the…
Multiple security flaws found in mainstream robotic technologies
IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack. Attackers could employ the issues found to maliciously spy via the robot’s microphone and…