Microsoft warns about two apps with incorrect root certificates
Microsoft today published a security advisory in which it warns of two applications that have accidentally installed two root certificates on users' computers and then leaked the private keys. The mistakes make that malicious people can take advantage of unsuspecting users of the two apps.
Third par... Read more
Mimecast adds threat information from mail to IBM QRadar
Mimecast, provider of e-mail and data security, makes its e-mail security information available for the threat intelligence solution IBM QRadar. This gives security teams a better understanding of potential vulnerabilities, current attacks and potential threats via e-mail.
IBM QRadar groups and moni... Read more
Linux cryptominer steals passwords and turns off antivirus software
Researchers from the Russian antivirus manufacturer Dr. Web have found a new form of malware that steals passwords and turns off antivirus software. This is an unnamed trojan, which focuses on Linux. That's what ZDNet reports.
The trojan itself is a gigantic shell script with over 1,000 lines of co... Read more
“Cybercriminals abuse encrypted data traffic more often.
Cyber threats are on the increase and are becoming increasingly sophisticated. That's what security company Fortinet says in its Global Threat Landscape Report for the third quarter of this year. Encrypted data traffic, for example, is being abused more and more often and there is a growing number o... Read more
Rowhammer attacks can bypass ECC memory protection
Researchers at the Vrije Universiteit in Amsterdam have described in a paper a new variation of the Rowhammer attack, which makes the attack successful on ECC memory. Rowhammer is a group of exploits that exploit an error in the design of modern memory cards.
A memory card stores temporary data as s... Read more
Google requires additional verification of political advertisements from 2019 onwards
In the run-up to the European Parliament elections, Google will oblige advertisers to first submit an application and to undergo verification before they can buy political advertisements. The search engine will also clearly indicate who pays for the advertisements.
The verification procedure is int... Read more
Dropbox researchers accidentally found 3 zero days in Apple software
The Dropbox red team accidentally discovered a zero day in Apple software. While one of the company's teams was investigating how its software responds to cyber-attacks, it discovered a number of zero-day vulnerabilities.
The Offensive Security red team - a group of specialists tasked with attackin... Read more
U.S. ask allies not to buy network equipment from Huawei
The United States is asking allies in Europe to stop purchasing network equipment from Huawei, China. The hope is that a subsidy for companies and governments to buy equipment from other companies will make them change their minds. For example, the U.S. government intends to enforce its ban on Chine... Read more
Emotet malware includes unique infrastructure to prevent down-time
According to security company Trend Micro, Emotet's malware corridor deliberately designed the backbone infrastructure of its server in two separate clusters.
Researchers analyzed 571 samples of the group's malware. It allowed them to extract the IP addresses of 721 Emotet command-and-control (C&... Read more