The successful SHA-1 collision attack announced last week by Google and CWI appears to have a serious impact on repositories that use the Apache Subversion (SVN) software versioning and revision control system.
read more
Google Discloses Unpatched Flaw in Edge, Internet Explorer
Google Project Zero has disclosed a potentially serious vulnerability in Microsoft’s Edge and Internet Explorer web browsers before the tech giant could release patches.
read more
Targeted Malware Campaign Uses HWP Documents
A recently observed targeted malware campaign against South Korean users was using Hangul Word Processor (HWP) documents as the infection vector, Talos researchers reveal.
read more
MySQL Databases Targeted in New Ransom Attacks
Thousands of MySQL databases are potential victims to a ransom attack that appears to be an evolution of the MongoDB ransack campaign observed a couple months ago, GuardiCore warns.
read more
U.S. Oil and Gas Industry Lagging in Security: Report
The oil and gas industry in the United States is largely unprepared to address cybersecurity risks in operational technology (OT) environments, according to a study commissioned by German engineering giant Siemens.
read more
Briton Arrested Over Deutsche Telekom Hacking
A British national has been arrested at a London airport on suspicion of staging a cyber attack on Deutsche Telekom last year that knocked around a million German households offline, officials in both countries said Thursday.
read more
D-Link Patches Serious Flaws in DGS-1510 Switches
D-Link has released firmware updates for the company’s DGS-1510 stackable managed switches to address serious vulnerabilities that can be exploited remotely to hijack the devices.
read more
CloudFlare Leaked Sensitive Customer Data
CloudFlare has been working around the clock in the past few days to address a critical security problem that led to sensitive customer data getting leaked and cached by search engines.
read more
New “Filecoder” macOS Ransomware Surfaces
New Filecoder macOS Ransomware is Poorly Coded, Destructive
read more
Poison Ivy RAT Campaign Leverages New Delivery Techniques
A recently observed campaign using the Poison Ivy remote access tool (RAT) against individuals within the Mongolian government uses publicly available techniques that haven’t been observed in previous campaigns, FireEye reports.
read more
