Application Security Archives - Page 5 of 8

Operation ShadowHammer hijacks ASUS Live Update to install backdoor

Application Security, Cybersecurity Attacks, Third-Party Security / Frank Crast / March 25, 2019 / ASUS, CCleaner, firmware, Kaspersky, ShadowHammer, ShadowPad, third party

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

Operation ShadowHammer hijacks ASUS Live Update to install backdoor Read More »

Crypto miners exploit vulnerable Docker hosts

Application Security, Cloud Security, Vulnerabilities & Exploits / Frank Crast / March 5, 2019 / API, CVE-2019-5736, Docker, Imperva

Security researchers from Imperva have found thousands of Docker hosts exposed to a new vulnerability and exposed remote Docker API. The new research describes the threat along with sample scripts and what can be done about it.

Crypto miners exploit vulnerable Docker hosts Read More »

DNS hijacking cyber attacks on domains worldwide

Application Security, Cybersecurity Attacks, Network Security / Frank Crast / January 12, 2019 / Cisco, DNS, DNS-over-TLS, FireEye, hijacking, MFA, SSL

Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe.

DNS hijacking cyber attacks on domains worldwide Read More »

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

Application Security, Server Security, Standards & Guidelines, Third-Party Security / Frank Crast / December 20, 2018 / NIST, Privacy, Risk, RMF, SP 800-37

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations Read More »

WordPress GDPR compliance plugin vulnerability exploited

Application Security, Cybersecurity Attacks, Regulations & Laws, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 13, 2018 / GDPR, Vulnerabilities, WordPress

Critical vulnerabilities in a popular WordPress GDPR Compliance plugin was being exploited in the wild by hackers. WordPress since released version 1.4.3 that patched the critical flaws.

WordPress GDPR compliance plugin vulnerability exploited Read More »

Misconfigured Docker containers abused to deliver cryptocurrency mining malware

Application Security, Malware / Frank Crast / October 26, 2018 / 2375/TCP, 2376/TCP, API, Containers, Cryptocurrency, Docker, malware

Researchers at Trend Micro have recently spotted malicious activity abusing systems running misconfigured Docker containers.

Misconfigured Docker containers abused to deliver cryptocurrency mining malware Read More »

Air Canada mobile app data breach

Leave a Comment / Application Security, Data Privacy, Mobile Security / Frank Crast / August 30, 2018 / Air Canada, Data Breach, mobile, Privacy

Air Canada notified customers of a data breach involving the airline’s mobile application and potentially impacting thousands of user profiles.

Air Canada mobile app data breach Read More »

TLS 1.3 protocol is officially standard

Application Security, Cryptography, Data Privacy, Standards & Guidelines / Frank Crast / August 14, 2018 / encryption, IETF, RFC 8446, SSL, TLS, TLS 1.3

The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.

TLS 1.3 protocol is officially standard Read More »