Original release date: May 21, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »
The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers.
Original release date: May 18, 2018 The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC Knowledge Base Articles AA-01602 and AA-01606 and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely as possible.
The vulnerability allows an attacker to execute a malware or other payloads on a client machine by sending malicious messages from the DHCP server.
Threatpost talked to several security researchers about what’s changed in the past year.
The company urges customers to patch three vulnerabilities that received the highest severity rating of 10.
Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices.
The main purpose of Grobios malware is to help attacker establish a strong, persistent foothold in a victim’s system, in order to drop additional payloads later.
Cryptominer WinstarNssmMiner is an aggressive malware strain that has launched 500,000 attacks in the past three days earning criminals $28,000.