Cyber Security News

ASCO factory in Zaventem, Belgium was hit by a ransomware infection causing major downtime as most of the plants IT systems were infected. ASCO shut down production in factories across Germany, Canada, and the United States. What is the issue? ASCO, one of the largest airplane parts manufacturer, suffered a ransomware attack crippling production in factories across four countries. What ...

Adobe Adobe has released security updates to fix major vulnerabilities in its Adobe Flash, Adobe ColdFusion, and Adobe Campaign software products. The update for Flashpatches a critical use-after-free vulnerability (CVE-2019-7845) that can lead to arbitrary code execution (ACE) attack. The ColdFusion updates also address three critical ACE vulnerabilities (CVE-2019-7838, CVE-2019-7839, and CVE-2019-7840) in the platform. On the other hand, seven vulnerabilities that existed ...

The vulnerability could allow an attacker to perform DoS on any Windows server such as IPsec, Internet Information Services (IIS), and Microsoft Exchange Server. The researcher found out that any program on the system that processes the X.509 digital certificate will trigger the vulnerability causing deadlock. A vulnerability researcher at Google, Tavis Ormandy, uncovered a vulnerability in the primary cryptographic ...

The ‘Triple Threat’ ransomware program had combined three different methods of attack to target the City’s network systems. This has forced the city’s email systems, land-line phones, and credit card services to shut down. The Lake City Police Department is investigating a ransomware attack on their city network systems that resulted in the shutdown of several emergency services. The ransomware ...

The spam campaign, which specifically targeted UK users, relied on DNS TXT records and redirected users to a fraudulent trading site. IP addresses associated with the campaign are likely linked with Necurs botnet. A new malspam campaign targeting UK users has been spotted in the wild. MyOnlineSecurity.com which came across a number of spam emails related to this campaign found ...

The scammers are leveraging phishing attacks to target users in this scam. The emails contain a link that exploits a common default feature of Google Calendar to include automatic addition and notification of unwanted events & invitations. Multiple cases of a sophisticated scam targeting consumers through unsolicited Google Calendar notifications has been observed recently. The main purpose of the scam ...

Fifty-six percent of consumers in North America and Europe are concerned about biometrics, and 81 prefer passwords for online payments due to security concerns, according to the report “Lost in Transaction: The end of Risk?”. Forty-eight percent of consumers have already authenticated a payment using some form of biometric authentication, rising to 54 percent in the UK. n mCommerce and biometric identification is marked, ...

Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor’s HSM. The vulnerabilities could allow attackers to retrieve sensitive data stored inside Hardware Security Modules. Security researchers Gabriel Campana and Jean-Baptiste Bédrune uncovered vulnerabilities that could allow attackers to retrieve sensitive data stored inside Hardware Security Modules. What is ...

The vulnerability was actively exploited to install miners for cryptocurrencies such as Monero. It was reported that the malware used in the attack cloaked itself in certificate files for obfuscation. A security vulnerability in Oracle WebLogic Server was found to be actively exploited by cybercriminals to install cryptocurrency miners. Security researchers from Trend Micro discovered that the malware used in ...

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author and malware researcher Swapnil Patil. These include surveying the ...