Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities
Google’s Issue Tracker contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database.
Michael Mimoso
Malicious Chrome Extension Steals Data Posted to Any Website
A malicious Google Chrome extension being spread in phishing emails steals any data posted online by victims.
Rockwell Automation Patches Wireless Access Point against Krack
Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure.
Researchers at Cisco found a modified version of the leaked NSA exploit EternalRomance in this week’s Bad Rabbit attack.
Researchers have linked the Bad Rabbit ransomware attack to this summer’s ExPetr/Not Petya outbreak.
A ransomware attack called BadRabbit has put a halt to business inside a handful of Russian and Ukrainian businesses.
The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process.
Sofacy has been using a lure document connected to a cyber conflict conference to target researchers and others interested in cybersecurity.
A joint Technical Alert, TA17–293A, describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems.
Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attachments using a DDE technique that Microsoft says is an Office feature and does not merit a security patch.
