Alerts & Bugs Cybersecurity News Firewall News Software Updates

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412)

securityforumadmin May 19, 2020 0

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412) On April 24, 2020, Sophos published knowledge base article KBA135412 which included necessary remediation steps to address vulnerability CVE-2020-12271. Sophos is enforcing a password reset for the XG administrator and all other

Alerts & Bugs

​State Farm customer accounts breached in credential stuffing attack

securityforumadmin August 9, 2019 0

Attackers used a list of usernames and passwords obtained via credential stuffing attack to access State Farm customers’ online accounts. The investigation revealed that attackers were able to confirm valid usernames and passwords for some online accounts, however, no personal information was accessed. What is the issue? Insurance company State Farm notified its customers

Alerts & Bugs

Data Breach Reminds: Configuration Is Key

securityforumadmin August 8, 2019 0

An Unfortunate Reminder If we’ve said it once, we’ve said it 1,000 times – and we’ll keep saying it: the right configuration is key for your network to be fully secure. We had another reminder this week, with news of a data breach affecting Capital One in which a hacker gained access to more than 100 million credit […]

Alerts & Bugs

Cylance Protect AV vulnerability patched

securityforumadmin August 7, 2019 0

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center is issued patch for a recently disclosed vulnerability in Cylance Protect. The vulnerability note, VU#489481, said that prior to a July 21, 2019, update Protect contained flaws that allow an adversary to craft malicious files that the AV product would likely mistake for simply being benign files.

Alerts & Bugs

MegaCortex variant redesigned a self-executing, incorporates features of previous version

securityforumadmin August 7, 2019 0

A new variant of MegaCortexransomware making its way across the U.S. and Europe has been recast as a self-executing menace that doesn’t require a password and is aimed at enterprises, according to a technical analysis released by researchers at Accenture iDefense. “The disadvantage of the first version was that actors had to run the ransomware manually or risk […]

Alerts & Bugs

Cabarrus County loses $1.7 million after being targeted in BEC scam

securityforumadmin August 1, 2019 0

Scammers posed as a representative of the Roanoke Branch and Associate and targeted employees of the County’s schools and government. The scam began in November 2018. Cabarrus County in North Carolina has lost over $1.7 million in a BEC scam. The scammers pretended to be contractors for the County’s new high school and had sent […]

Alerts & Bugs

New Android Ransomware Found Using SMS Spam for Propagation

securityforumadmin July 31, 2019 0

The malware does not encrypt files that have ‘zip’ or ‘rar’ extension. It also leaves the file unencrypted if its size is over 51,200 KB/50 MB and ‘.jpeg’, ‘.jpg’ and ‘.png’ files with less than 150KB. A new Android ransomware family, dubbed Android/Filecoder.C, has been found making attempts to infect users. The malware is leveraging […]

Alerts & Bugs

ShadowHammer attack installed backdoors on a million ASUS devices

securityforumadmin March 26, 2019 0

Backdoors added to ASUS computers through its software update platform resulted in what Kaspersky researchers are calling one of the largest supply chain incidents ever, “ShadowHammer,” which even surpassed the scope of the CCleaner attack. Researchers estimated malware was distributed to nearly a million people, although the cybercriminals appeared to have only targeted

Alerts & Bugs

Xtreme RAT: A deep insight into the remote access trojan’s high profile attacks

securityforumadmin March 25, 2019 0

Its capabilities include uploading or downloading files, manipulating running processes and services, capturing screenshots of victim’s computers, recording audios and videos via microphone or webcameras, and interacting with the registry. Its victims include financial organizations, telecom companies, gaming companies, the IT sector, the energy and utility sector, and

Alerts & Bugs

Firefox and Edge Fall to Hackers on Day Two of Pwn2Own

securityforumadmin March 23, 2019 0

Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition. Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pawn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, […]