Cisco has quickly provided a workaround for one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers. The networking giant today released advisories saying that it had acknowledged both flaws in its Adaptive Security Appliance (ASA), the newest of which...

Cisco has quickly patched one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers. The networking giant today released advisories saying that it had fixed both flaws in its Adaptive Security Appliance (ASA), the newest of which was...

Cisco has quickly patched two vulnerabilities that were disclosed in the ShadowBrokers’ data dump. The networking giant today released advisories that it had fixed the flaws in its Adaptive Security Appliance (ASA), one of which was rated high severity; both of the vulnerabilities enable remote code execution. The ShadowBrokers are an unknown group of hackers...

It didn’t take long for attackers to start capitalizing on the popularity of Pokémon GO. Shortly after Niantic, the company behind the now ubiquitous app, released it last month, researchers spotted a malicious, backdoored version of the app on a file repository service. Now attackers are pushing SMS spam messages to entice Pokémon GO players to visit...

Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar. While Mozilla said it has patched the flaw in the affected Android version of the Firefox browser, Google said Chrome will be fixed in an upcoming September release. Some details about the flaw...

A high-stakes game of attribution started by a group claiming to have a cache of exploits belonging to the Equation Group took a somewhat definitive turn Tuesday afternoon. Researchers at Kaspersky Lab yesterday confirmed a connection between the tools currently up for auction by the ShadowBrokers and Equation Group exploits and malware that researchers at...

Researchers today identified a series of ongoing targeted attacks primarily designed to steal sensitive corporate financial data from industrial and engineering organizations in the Middle East. The group behind the campaign, nicknamed Operation Ghoul by researchers at Kaspersky Lab’s Global Research and Analysis Team, has carried out attacks against 130 organizations in 30 countries to date according to...

To say the VeraCrypt audit, which begins today, got off to an inauspicious start would be an understatement. On Sunday, two weeks after the announcement that the open source file and disk encryption software would be formally scrutinized for security vulnerabilities, executives at one of the firms funding the audit posted a notice that four...

Attackers behind the Vawtrak banking Trojan have been keeping busy, updating the malware over the last few weeks with new a domain generation algorithm (DGA) and SSL pinning capabilities. Research published by security firm Fidelis on Tuesday explains the updates and breaks down how Vawtrak’s DGA generates domains, connects to them, and validates their certificates. Researchers looked at two samples they observed on July 28...

Researchers claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Software Technologies and IntSights, the RaaS ring consists of 161 active campaigns with...