Cisco Patches Privilege Escalation Bugs in APIC

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine. Source: Threadpost

Drupal Patches Critical Access Bypass in Core Engine

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities. Source: Threadpost

Rowhammer Attacks Come to MLC NAND Flash Memory

IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory. Source: Threadpost

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN...

Locky Ransomware Variant Slips Past Some Defenses

Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file. Source: Threadpost

Flash’s Final Countdown Has Begun

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base. Source: Threadpost

Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack

A.P. Moller -Maersk said June's NotPetya wiper malware attacks would cost the world's largest shipping container company $300M USD in lost revenue. Source: Threadpost

Google Removes Chrome Extension Used in Banking Fraud

Google has removed the Interface Online Chrome extension from the Chrome Web Store. The plugin was used by criminals in Brazil to target corporate users with the aim of stealing banking...

Seven More Chrome Extensions Compromised

The list of compromised Chrome extensions that hijack traffic and substitute advertisements on victims’ browsers grows. Source: Threadpost

Attackers Backdoor Another Software Update Mechanism

Researchers at Kaspersky Lab said today that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad. Source: Threadpost
- Advertisement -

APLICATIONS

Vawtrak Banking Trojan Adds DGA, SSL Pinning

Attackers behind the banking Trojan Vawtrak fortified it with a domain generation algorithm (DGA) and SSL pinning capabilities. Source: Threadpost