Latest WikiLeaks dump exposes CIA methods to mask malware

WikiLeaks may have dealt another blow to the CIA’s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks. On Friday, the site dumped the source code to the Marble Framework, a set of anti-forensic tools that WikiLeaks claims the CIA used last year. The files do appear to[…]

FacebookTwitterGoogle+Share

Cisco issues urgent reboot warning for bug in ASA and Firepower appliances

Cisco has issued an urgent request to Cisco customers running specific releases of software on their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances to reboot their devices to prevent a device from hanging and stop passing traffic. Cisco said its ASA and FTD devices are affected by a “functional software defect that[…]

Senator: Russia used 'thousands' of internet trolls during US election

The Russian government used “thousands” of internet trolls and bots to spread fake news, in addition to hacking into political campaigns leading up to the 2016 U.S. election, according to one lawmaker. Disinformation spread on social media was designed to raise doubts about the U.S. election and the campaign of Democratic presidential candidate Hillary Clinton,[…]

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used. The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support[…]

IP theft: Declining, or just more stealthy?

Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage. According to the Sept. 25, 2015 White House press release, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent[…]

Open-source developers targeted in sophisticated malware attack

For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware. The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers[…]

VMware patches critical virtual machine escape flaws

VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines. The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion. Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the[…]

Trump extends Obama executive order on cyberattacks

U.S. President Donald Trump is extending by one year special powers introduced by former President Barack Obama that allow the government to issue sanctions against people and organizations engaged in significant cyberattacks and cybercrime against the U.S. Executive Order 13694 was introduced on April 1, 2015, and was due to expire on Saturday, but the president[…]

How to fend off cyberattacks and data breaches

According to research conducted by Symantec, the number of cyberattacks against small businesses (companies with fewer than 250 employees) has been steadily growing over the last six years, with hackers specifically targeting employees (phishing). And while distributed denial of service, or DDoS, attacks are still a leading form of cyber warfare, ransomware and malware attacks,[…]