Threat Actors Eyeing IQY Files To Peddle Malspam
The Necurs Botnet, DarkHydrus and other threat actors are turning to the inconspicuous files. Go to Source
U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy
The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world.” Go to Source
Active Spy Campaign Exploits Unpatched Windows Zero-Day
The PowerPool gang launched its attack just two days after the zero-day in the Windows Task Scheduler was disclosed. Go to Source
Mozilla Patches Critical Code Execution Bug in Firefox 62
The update includes nine security patches overall. Go to Source
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched
The two bugs were disclosed Wednesday in Cisco Umbrella, the tech giant’s cloud-based security service. Go to Source
OilRig Sends an OopsIE to Mideast Government Targets
The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity. Go to Source
Google Rolls Out 40 Fixes with Chrome 69
The official release of the version includes 40 fixes, seven of which are rated “High.” Go to Source
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. Go to Source
The Vulnerability Disclosure Process: Still Broken
Despite the advent to bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits. Go to Source
Tiny Island Atoll’s Domain Used in Widespread Ad Fraud
The campaign is believed to bring in close to $22,000 per month for bad actors. Go to Source