Hackers Abuse Google Cloud Platform to Attack D-Link Routers

Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse.

This Preinstalled Mobile Security App Delivered Vulnerabilities, Not Protection

No. 4 global phone maker, Xiaomi, preinstalled a security app called ‘Guard Provider’ that had a major flaw.

Apache Releases Security Update for Apache HTTP Server

Original release date: April 04, 2019 The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

Nvidia has patched eight high-severity flaws in its Tegra processors, which could enable denial of service and code execution.

Free Cynet Threat Assessment for Mid-sized and Large Organizations

Have your business try Cynet’s Free Threat Assessment that checks for malware, C&C connections, data exfiltration, phishing link access, user credential thefts attempts, etc.

Google’s April Android Security Bulletin Warns of 3 Critical Bugs

Google’s April Android Security update fixed 12 Android-specific vulnerabilities including three critical remote code execution flaws.

Financial Apps are Ripe for Exploit via Reverse Engineering

White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.

SB19-091: Vulnerability Summary for the Week of March 25, 2019

Original release date: April 01, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

MS-ISAC Releases Security Primer on LockerGoga Ransomware

Original release date: April 01, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an organization. The Cybersecurity and Infrastructure Security Agency (CISA) discourages individuals and organizations from paying the ransom, as this does not guarantee access will be restored. CISA encourages users …
Read More »

Supply Chain Integrity Month

Original release date: April 01, 2019 April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious …
Read More »