305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, has been finding CVEs since the 1990s, around when MITRE was first being established. Since then, he’s found 305 CVEs, as well as various security findings, such as an IoT-bricking malware called Silex, and cybercriminals targeting poorly secured Docker images.
Cashdollar shares his craziest bug-finding stories, including his first flaw (CVE-1999-0765), found while he was working as a UNIX Systems Administrator, which accidentally threw a wrench in a demo for a Navy Admiral on the Aegis destroyer class ship.
Beyond his own personal stories, Cashdollar shares the top pieces of advice he would impart to today’s security researchers and those hunting for vulnerabilities. Listen to more on the Threatpost podcast.
InterPlanetary Storm cross-platform P2P botnet discovered
IPStorm's ability to infect Android, macOS and Windows devices as well as those that are Linux-based makes it much more dangerous.
What sets this botnet apart from others is that it's built on top of the InterPlanetary File System (IPFS), a protocol for storing and sharing data in a distributed file system.
This means the infected devices become part of a peer-to-peer network and talk directly to each other, giving the botnet more resilience against takedown attempts.
German-made FinSpy spyware package discovered
FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher GmbH.
Since 2011, researchers have documented numerous cases of FinSpy being used to target Human Rights Defenders (HRDs), including activists, journalists, and dissidents, in many countries, including Bahrain, Ethiopia, UAE, and more.
Amnesty International's Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to Human Rights Defenders.
While continuing research into this group's activity, new samples of FinSpy were discovered to be distributed for Microsoft Windows through a fake Adobe Flash Player download website.
Through additional technical investigations into this most recent variant, Amnesty's Security Lab also discovered new samples of FinSpy, exposed online by an unknown actor, for Windows and Android, along with previously undisclosed versions for Linux and macOS computers.