Original release date: January 24, 2019 Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following …
Read More »
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
Here are six tips to put threat hunters in the driver’s seat so they can outsmart their adversaries.
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.
Original release date: January 22, 2019 The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing incidents associated with global Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them. The directive requires Federal agencies to take specific steps and comply with reporting procedures to mitigate risks from undiscovered tampering, prevent …
Read More »
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.
The patches are part of Adobe’s second unscheduled update this month.
Original release date: January 21, 2019 | Last revised: January 22, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which …
Read More »
The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups.
A default configuration allows full admin access to unauthenticated attackers.