In an announcement made last Thursday, Deputy Attorney General Rod J. Rosenstein said the charges include a “conspiracy to commit computer intrusions against dozens of companies in the United States and around the world.” The two defendants allegedly committed cyber crimes in association with a Chinese intelligence service, Ministry of State Security.
Attackers are using a variant of the infamous Mirai IoT botnet dubbed “Miori” to exploit a Remote Code Execution (RCE) vulnerability in ThinkPHP, a free open-source PHP framework.
The critical zero-day “Scripting Engine Memory Corruption” vulnerability (CVE-2018-8653) is being actively exploited on Windows systems by hackers.
The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”
Cisco has patched a vulnerability in the authorization subsystem of Cisco’s Adaptive Security Appliance (ASA) Software. An authenticated, unprivileged remote attacker could exploit the vulnerability to perform privileged actions by using the ASA web management interface.
Security researchers have discovered the use of malicious memes used to communicate with malware.
Attackers are using fake Office 365 non-delivery messages in new phishing attacks designed to steal your credentials.
WordPress released version 5.0.1 that fixes seven vulnerabilities.
The Mozilla Foundation issued a security advisory (2018-29) that addresses vulnerabilities in Firefox 64.
Adobe published security updates to address vulnerabilities in Adobe Acrobat and Reader.