Ionut Arghire

New Exploit Kit Targets SOHO Routers

The Novidade exploit kit is targeting home and small office routers in an attempt to compromise the mobile devices or desktop computers connected to the routers.

House Releases Cybersecurity Strategies Report

The U.S. House of Representatives’ Committee on Energy and Commerce has released a report identifying strategies for the prevention and mitigation of cybersecurity incidents.

Secure Messaging Applications Prone to Session Hijacking

Secure messaging applications such as Telegram, Signal and WhatsApp can expose user messages through a session hijacking attack, Cisco’s Talos security researchers warn.

Highly Active MuddyWater Hackers Hit 30 Organizations in 2 Months

The cyberespionage group referred to as MuddyWater (AKA Seedworm) has hit over 130 victims in 30 organizations from late September to mid-November, Symantec says.

Researchers Find a Dozen Undocumented OpenSSH Backdoors

ESET security researchers have discovered 12 new OpenSSH backdoor families that haven’t been documented before.

New Mac Malware Combines Open-Source Backdoor and Crypto-Miner

Malware targeting macOs systems is a combination of two open-source programs, Malwarebytes security researchers warn.

168 Arrested in Money Mule Crackdown

Europol this week announced that 168 people were arrested in a massive operation that resulted in the identification of 1504 money mules.

Google Launches Cloud Security Command Center in Beta

Google has launched several new features for its Google Cloud Platform (GCP) customers, as part of the beta release of its Cloud Security Command Center (Cloud SCC).

North Korea-linked Hackers Target Academic Institutions

A threat group possibly originating from North Korea has been targeting academic institutions since at least May this year, NetScout’s security researchers reveal.

Google ASPIRE to Boost Android Security and Privacy

Google is stepping up its effort to improve the security and privacy of Android with a new initiative called ASPIRE (Android Security and PrIvacy REsearch).

Google Patches More Than 50 Android Vulnerabilities in December

Google this week announced the release of a new set of security patches for the Android operating system, to address over 50 vulnerabilities in the platform.

Apple Patches Tens of Flaws in iOS, macOS, Safari

Apple this week released several security updates to address tens of vulnerabilities impacting the iOS and macOS platforms, the Safari browser, and various Windows applications.

DHS Says SamSam Ransomware is Targeting Critical Infrastructure Entities

DHS and the FBI say that SamSam ransomware operators targeted multiple industries, including entities within critical infrastructure.

Malware Dropper Supports a Dozen Decoy Document Formats

A recently discovered malware dropper has the ability to use nearly a dozen decoy document file formats to drop various payloads, Palo Alto Networks security researchers warn.

No Smoking Gun Tying Russia to Spear-Phishing Attack, Microsoft Says

There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United States Department of State to Russian hackers, Microsoft says.

Fake iOS Fitness Apps Steal Money

A series of iOS applications posing as fitness-tracking tools have been stealing users’ money by abusing the Touch ID feature, ESET has discovered.

Phishing Campaign Delivers FlawedAmmyy, RMS RATs

A new campaign delivering various remote access Trojans (RATs) is likely the work of a known Dridex/Locky operator, Morphisec security researchers warn.

XS-Search Flaw Found in Google's Issue Tracker

A security flaw recently discovered in Google’s Monorail open-source issue tracker could be exploited to perform a Cross-Site Search (XS-Search) attack, a security researcher reveals.

Russian Hackers Use BREXIT Lures in Recent Attacks

Russia-linked cyber-espionage group Sofacy was using BREXIT-themed lure documents in attacks on the same day the United Kingdom Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union.

Elasticsearch Instances Expose Data of 82 Million U.S. Users

Personal information of over 82 million users in the United States was exposed via a set of open Elasticsearch instances, Hacken security researchers warn.

Mozilla Testing DNS-over-HTTPS in Firefox

Mozilla is moving forward with yet another project designed to provide users with increased security: it is now testing DNS-over-HTTPS (DoH) in Firefox stable.

Hackers Using NSA Hacking Tools to Build Botnet

Hackers are looking to compromise millions of machines behind the vulnerable routers by leveraging the NSA-linked EternalBlue (CVE-2017-0144) and EternalRed (CVE-2017-7494) exploits.

New PowerShell Backdoor Resembles "MuddyWater" Malware

A recently discovered PowerShell-based backdoor is strikingly similar to malware employed by the MuddyWater threat actor, Trend Micro reports.

Google Makes Secure LDAP Generally Available

Google this week announced the general availability of secure LDAP, after introducing the capability in October at Next ’18 London.

Cisco Patches SQL Injection Flaw in Prime License Manager

Cisco has fixed a vulnerability in the web framework code of Cisco Prime License Manager that could allow an attacker to execute arbitrary SQL queries.

SECURITYWEEK NETWORK:

Security Experts:

Recent articles by Ionut Arghire

SecurityWeek Daily Briefing

Popular Topics

Security Community

Stay Intouch

About SecurityWeek