January 2018 - Securezoo

Oracle MICROS POS vulnerability

Leave a Comment / Vulnerabilities & Exploits / By Frank Crast / January 31, 2018 December 31, 2018

Security researchers from ERPScan discovered a high severity vulnerability in MICROS point-of-sale (POS) terminals that could allow hackers to read sensitive data.

Fitness app users could expose military bases

Fitness app and social media company Strava has introduced a Global Heatmap service, that may have allowed many service people to inadvertently expose the locations of their military bases.

Malvertising campaign delivers cryptocurrency miners

Cybersecurity Attacks, Malware / By Frank Crast / January 26, 2018 March 20, 2021

Cyber criminals are abusing Google’s DoubleClick service to deliver a Coinhive cryptocurrency miner as part of a malicious campaign.

US Media twitter accounts attacked

Leave a Comment / Cybercrime, Cybersecurity Attacks, Phishing / By Frank Crast / January 26, 2018 December 31, 2018

A large attack campaign that has targeted high-profile, verified Twitter accounts with the purpose of spreading Turkish political propaganda.

Skype, Slack and other apps vulnerable to Electron framework bug

Leave a Comment / Application Security, Vulnerabilities & Exploits / By Frank Crast / January 25, 2018 December 31, 2018

Hundreds of popular software applications that are developed using the Electron framework may be vulnerable to remote execution flaws.

PCI security standards for mobile point of sale

Leave a Comment / Mobile Security, Standards & Guidelines / By Frank Crast / January 25, 2018 December 31, 2018

The PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), to include smartphones and tablets.

WordPress plugin vulnerability fixed

Leave a Comment / Messaging Security, Vulnerabilities & Exploits / By Frank Crast / January 24, 2018 December 31, 2018

A popular WordPress plugin ‘Email Subscribers & Newsletters’ was found to have a vulnerability that could allow an unauthenticated attacker to download subscriber lists on over 100,000 WordPress websites.

Intel issues new Spectre/Meltdown patch guidance

Leave a Comment / Security Updates & Patches / By Frank Crast / January 23, 2018 December 31, 2018

Intel said the root cause of the reboot issues have been identified. To that end, the company said customers and partners should not install its current versions of Spectre/Meltdown patches rolled out earlier this month as they “may introduce higher than expected reboots and other unpredictable system behavior.”

New Dridex malware campaign uses FTP sites

Leave a Comment / Cybersecurity Attacks, Malware / By Frank Crast / January 22, 2018 June 15, 2020

Security researchers have spotted a new email campaign last week that is distributing a new variant of the Dridex banking trojan.

Gemalto vulnerabilities could expose industrial control systems

Leave a Comment / Vulnerabilities & Exploits / By Frank Crast / January 22, 2018 July 28, 2021

Security researchers discovered 14 vulnerabilities in Gemalto Sentinel LDK tool that can expose Industrial Control Systems (ICS) and corporate systems to remote attacks if unpatched.

Month: January 2018