Dangerous Pegasus Spyware Has Spread to 45 Countries

The malicious spyware has also been found in use in countries known for targeting human rights.

NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: September 18, 2018

NCCIC will conduct a series of webinars on Protecting Enterprise Network Infrastructure Devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below: Monday, September 24; Thursday, September 27; Tuesday, October 2; Thursday, October 4.

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified …

Facebook Now Offers Bounties For Access Token Exposure

The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

Old WordPress Plugin Being Exploited in RCE Attacks

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

CSS-Based Attack Causes iOS, macOS Devices to Crash

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser.

Apple Releases Multiple Security Updates

Original release date: September 17, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: Apple Support 2.4 for iOS, Safari 12, watchOS 5, tvOS 12, iOS 12.

SB18-260: Vulnerability Summary for the Week of September 10, 2018

Original release date: September 17, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …

Five Weakest Links in Cybersecurity That Target the Supply Chain

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.