A hidden feature in some newer models of the vendor’s programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it. An undocumented access feature in some newer models of Siemens programmable logic controllers (PLCs) can be used as both a weapon by attackers as well as a forensic tool
The ransomware operators targeted an “unquoted path” vulnerability in iTunes for Windows to evade detection and install BitPaymer. Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report. Back in August, the Morphisec team noticed attackers targeting the network of
The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices. Researchers with Google’s Project Zero have disclosed a zero-day local privilege escalation vulnerability in its Android mobile operating system that could let an attacker assume control of affected devices. Evidence shows the bug is being exploited in the wild, they report. Hundreds
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say. Microsoft SharePoint vulnerability CVE-2019-0604 is under active attack, according to AT&T Alien Labs researchers, who cite instances of exploitation from around the world. CVE-2019-0604 is a remote code execution vulnerability that exists when SharePoint fails to verify the source markup of
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals. It should come as no surprise that cybercriminals favored Microsoft Office vulnerabilities in their cyberattacks last year, given the rise in phishing attacks that included rigged Word and Excel Office file attachments. Eight of the top 10 most exploited vulnerabilities in 2018
Photo: Gil C/Shutterstock.com In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent. Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional.