All posts by Wang Wei

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the

U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers

Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing $16.8 million worth of cryptocurrencies in a series of

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also

Adobe Issues July 2020 Critical Security Patches for Multiple Software

Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications. Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity. The affected products that received security patches today include: Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe Genuine Service, Adobe

‘Satori’ IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large-scale distributed denial-of-service (DDoS) attacks against various online services and targets. According to court documents,

A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide

A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform. Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years. Hack-for-hire services do not operate as a

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via an email. According to the breach notification

Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks

Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS. Dubbed 'SafeBIOS Events & Indicators of Attack' (IoA), the new endpoint security software is a behavior-based threat detection system that alerts users when BIOS settings of their