Revamped HawkEye Keylogger Swoops in on Coronavirus Fears

There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

Code injection

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

CVE-2019-16063

CVE-2019-16063 affects NETSAS Enigma NMS 65.0.0 and earlier. The vulnerability is an information disclosure where sensitive data rendered in web pages is not encrypted, allowing an attacker to expose unencrypted sensitive data. No exploit details or affected versions beyond 65.0.0 and prior are p...

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...

CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...

Cloud Misconfig Mistakes Show Need For DevSecOps

Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...

Cloud Misconfig Mistakes Show Need For DevSecOps

Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...

Broadcom Wi-Fi Devices - KR00K Information Disclosure

Broadcom Wi-Fi Devices - KR00K Information Disclosure Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this...

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved...

CVE-2020-4283

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 1762...

Google Advises Android Developers to Encrypt App Data On Device

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...

The vulnerability of the SAP Information Steward software control tool, which exists due to deficiencies in the encryption of user-input data, allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the SAP Information Steward software control tool exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis

Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through a phishing email. Once the Ryuk payload...

CVE-2020-4224

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133...

Security Bulletin: Information Disclosure in IBM StoredIQ (CVE-2020-4224)

Summary IBM StoredIQ has addressed the following information disclosure vulnerability. Vulnerability Details CVEID: CVE-2020-4224 DESCRIPTION: IBM StoredIQ could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links...

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell int...

Security Bulletin: Vulnerability in the Fabric OS used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurr...

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...