Systems News, Articles and Updates

Chinese hackers snag secret missile plans in US Navy contractor breach

Hackers from the Chinese Ministry of State Security who broke into the systems of a contractor working for the US Naval Undersea Warfare Center stole 614GB of sensitive information.

Patched Cisco flaw lets attackers perform MITM attacks, steal credentials

Positive Technologies has elaborated on a critical remote code execution vulnerability its researchers discovered in the web interface of the Cisco Systems Access Control Server (ACS).

Researchers find easily-exploitable vulnerabilities in BMW's in-car systems

Security researchers at Tencent's Keen Security Lab have revealed that Internet-connected systems in several BMW cars feature vulnerabilities that allow malicious actors to hack into such vehicles via a set of remote attack surfaces.

Russian ops accessed US voter databases, says US Senate Intel Committee

While Russian-affiliated actors who took aim at US state election systems and the US voting process likely didn't change votes, in a few states they were able to access US voter registration databases.

NIS Directive comes into force to boost infrastructure cyber-security

The Security of Network Information Systems (NIS) Directive, which aims to ensure that critical infrastructure is protected from cyber-attacks and computer network failure, has come into force today with fines for non-compliance.

Some Volkswagen vehicles found susceptible to hack through Wi-Fi system

A Harman International auto entertainment system is once again at the centre of a car hacking issue as Dutch researchers have used the device's Wi-Fi connection to exploit an open port enabling remote code execution.

PoC code can crash Windows systems, even when locked

Security researchers have found a flaw in Windows that could allow hackers to crash a system when they insert a USB stick with specially crafted code. The problem happens even when Windows is locked.

Insecure default configuration still endangering SAP users after 13 years

A critically vulnerable default security configuration in SAP systems that was first observed 13 years ago continues to exist in many current implementations, warns a new threat report from the ERP platform security experts at Onapsis.

IoT botnet actively exploiting Drupal CMS bug

Botnet uses compromised systems to spread infection. Security researchers have discovered a large botnet that is using a severe flaw in the Drupal CMS in order to infect other systems.

Global cyber-crime-based economy worth over £1.07 trillion, finds study

The global cyber-crime-based economy has become a self-sustaining system and oversees the theft, laundering, spending, and reinvesting of £1.07 trillion by cyber-criminals across the globe, a study by Bromium has revealed.

Intel SPI flash flaw could enable hackers to delete computer bios

Vulnerability could leave users with bricked systems. Intel has fixed a flaw that could prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence.

Cyber-attack knocks Energy Services Group offline

A cyber-attack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company's systems offline.

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

Fancy Bear targets defence contractors email to steal tech secrets

Russian hacking group Fancy Bear, have exploited weakspots in the email systems of defence contract workers to access top secret information on US defence technology, including drones.

Cyber-criminals exploiting traditional trust measures for compromises

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

£12m pa - the hidden costs of maintaining endpoint security solutions

Enterprises across the globe are now investing heavily in licensing and deployment of endpoint security solutions to protect their IT systems but fail to spot hidden costs of human skills and effort required.

Hackers using sophisticated malware to target Winter Olympics organisations

Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.

Attackers exploit critical Adobe Flash Player zero-day bug; no patch yet

Adobe Systems says it plans to address a critical zero-day vulnerability in Flash Player that a researcher asserts is being actively exploited in the wild to attack South Koreans conducting research on North Korea.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

Hackers exploit flaw in enterprise software to deploy Monero cryptominer

Security researchers recently observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner software to users' systems by leveraging Kaseya Ltd's Virtual Systems Administrator (VSA).

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).

Hackers could steal from shipping companies by diverting cargo payments

Security researchers have found that freight messaging systems can be subverted to send money to criminals.

Irish Zoo scammed, approximately €500,000 stolen

Most humans have a soft spot for animals. Cyber-criminals are another breed obviously, as evidenced by the Dublin Zoo's computer system getting breached so the payments due were electronically redirected to a criminal's account.

Building management systems still ripe for hacking

The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.

BlackBerry recommendations for connected car security; cyber-crime target

As our cars become more connected and our society moves closer to wide spread autonomous driving, researchers and companies alike are calling for national standards to help secure connected vehicles.

Updates address vulnerabilities in Apache Struts versions 2.5 to 2.5.14

A pair of security updates released by the Apache Software Foundation patch vulnerabilities in Apache Struts versions 2.5 to 2.5.14 that would let a remote attacker take control of a system, according to a US-CERT alert.

Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

A rusty deterrent? Trident to get upgrade from BAE

The Ministry of Defence is to bolster the cyber-security systems of its HMS Vanguard fleet of nuclear submarines otherwise known as Trident.