Following Apple’s March release of patches, Trend Micro reported two of the discovered vulnerabilities. Left unpatched, these macOS flaws can be used by attackers in escalating admin privileges to access restricted information or open systems to attacks.
Read More
We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. The aforementioned variants all use factory default credentials via Telnet to brute force their way in and spread to other devices.
Read More
This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability (CVE-2018-8589) that is already being used in malicious attacks.
Read More
Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018.
However, the prevalence of these older threats should not be misconstrued as a sign that threat actors are resting on their laurels. In fact, it should be taken as proof that they are constantly improving proven tools and techniques to get ahead in the never-ending cat-and-mouse game between cybercriminals and security providers.
Read More This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.
Read More