Xwo botnet scans for exposed web services and default passwords

A newly discovered botnet dubbed Xwo has been scanning the internet for exposed web services and default passwords. The malware was discovered by AT&T's Alien Labs back in March and is related to malware families MongoLock and Xbash.

Continue Reading Xwo botnet scans for exposed web services and default passwords

Operation ShadowHammer hijacks ASUS Live Update to install backdoor

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

Continue Reading Operation ShadowHammer hijacks ASUS Live Update to install backdoor

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy."

Continue Reading NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

WordPress GDPR compliance plugin vulnerability exploited

Critical vulnerabilities in a popular WordPress GDPR Compliance plugin was being exploited in the wild by hackers. WordPress since released version 1.4.3 that patched the critical flaws.

Continue Reading WordPress GDPR compliance plugin vulnerability exploited