AWS FreeRTOS Bugs Allow Compromise of IoT Devices
The bugs let hackers crash IoT devices, leak their information, and completely take them over. Go to Source
Trivial Post-Intrusion Attack Exploits Windows RID
Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise. Go to Source
Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors. Go to Source
New APT Could Signal Reemergence of Notorious Comment Crew
A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew’s proprietary code. Go to Source
Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed. Go to Source
GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure
The group is a successor to BlackEnergy and a subset of the TeleBots gang–and its activity is potentially a prelude to a much more destructive attack. Go to Source
Oracle Fixes 301 Flaws in October Critical Patch Update
The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0. Go to Source
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected. Go to Source
Podcast: A Utility Ransomware Attack, Post-Hurricane
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said… Podcast: A Utility Ransomware Attack, Post-Hurricane
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
The vendor only plans to patch two of the eight impacted devices, according to a researcher. Go to Source