SB18-141: Vulnerability Summary for the Week of May 14, 2018

Original release date: May 21, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

Wicked Botnet Uses Passel of Exploits to Target IoT

The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers.

ISC Releases Security Advisories for BIND

Original release date: May 18, 2018 The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC Knowledge Base Articles AA-01602 and AA-01606 and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.

Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely as possible.

Critical Linux Flaw Opens the Door to Full Root Access

The vulnerability allows an attacker to execute a malware or other payloads on a client machine by sending malicious messages from the DHCP server.

One Year After WannaCry: A Fundamentally Changed Threat Landscape

Threatpost talked to several security researchers about what’s changed in the past year.

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform

The company urges customers to patch three vulnerabilities that received the highest severity rating of 10.

Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions

Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices.

RIG EK Still Makes Waves, This Time with a Stealthy Backdoor

The main purpose of Grobios malware is to help attacker establish a strong, persistent foothold in a victim’s system, in order to drop additional payloads later.

New Cryptominer Distributes XMRig in Aggressive Attacks

Cryptominer WinstarNssmMiner is an aggressive malware strain that has launched 500,000 attacks in the past three days earning criminals $28,000.