Frank Crast

Microsoft fixes CredSSP vulnerability

Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent un-patched RDP clients (that uses CredSSP) from authenticating to Windows.

Microsoft fixes CredSSP vulnerability Read More »

GitHub scans and finds 4M vulnerabilities

GitHub ran a security scan to find old vulnerabilities in JavaScript and Ruby libraries in over a half million public repositories. The scan results turned up over four million vulnerabilities and sent alerts to developers to patch the bugs. GitHub is leading software development platform used to host, review and manage software source code, used by millions of developers.

GitHub scans and finds 4M vulnerabilities Read More »

TEMP.Periscope cyber espionage group targets Engineering and Maritime Industries

A suspected Chinese-linked cyber espionage campaign dubbed Temp.Periscope has been targeting engineering and maritime industries. FireEye has observed a spike in the campaign activity since early 2018 and has tracked the activity since 2013.

TEMP.Periscope cyber espionage group targets Engineering and Maritime Industries Read More »

Russian cyber activity targets critical infrastructure and energy sectors

Russian government cyber activity has targeted U.S Government entities, energy and other critical infrastructure sectors. The activity has been active since at least March 2016, according to a US-CERT Technical Alert (TA).

Russian cyber activity targets critical infrastructure and energy sectors Read More »