Systems News, Articles and Updates

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

Fancy Bear targets defence contractors email to steal tech secrets

Russian hacking group Fancy Bear, have exploited weakspots in the email systems of defence contract workers to access top secret information on US defence technology, including drones.

Cyber-criminals exploiting traditional trust measures for compromises

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

£12m pa - the hidden costs of maintaining endpoint security solutions

Enterprises across the globe are now investing heavily in licensing and deployment of endpoint security solutions to protect their IT systems but fail to spot hidden costs of human skills and effort required.

Hackers using sophisticated malware to target Winter Olympics organisations

Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.

Attackers exploit critical Adobe Flash Player zero-day bug; no patch yet

Adobe Systems says it plans to address a critical zero-day vulnerability in Flash Player that a researcher asserts is being actively exploited in the wild to attack South Koreans conducting research on North Korea.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

Hackers exploit flaw in enterprise software to deploy Monero cryptominer

Security researchers recently observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner software to users' systems by leveraging Kaseya Ltd's Virtual Systems Administrator (VSA).

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).

Hackers could steal from shipping companies by diverting cargo payments

Security researchers have found that freight messaging systems can be subverted to send money to criminals.

Irish Zoo scammed, approximately €500,000 stolen

Most humans have a soft spot for animals. Cyber-criminals are another breed obviously, as evidenced by the Dublin Zoo's computer system getting breached so the payments due were electronically redirected to a criminal's account.

Building management systems still ripe for hacking

The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.

BlackBerry recommendations for connected car security; cyber-crime target

As our cars become more connected and our society moves closer to wide spread autonomous driving, researchers and companies alike are calling for national standards to help secure connected vehicles.

Updates address vulnerabilities in Apache Struts versions 2.5 to 2.5.14

A pair of security updates released by the Apache Software Foundation patch vulnerabilities in Apache Struts versions 2.5 to 2.5.14 that would let a remote attacker take control of a system, according to a US-CERT alert.

Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

A rusty deterrent? Trident to get upgrade from BAE

The Ministry of Defence is to bolster the cyber-security systems of its HMS Vanguard fleet of nuclear submarines otherwise known as Trident.