German security researchers claim to have found a new practical attack against virtual machines (VMs) protected using AMD’s Secure Encrypted Virtualization (SEV) technology that could allow attackers to recover plaintext memory data from guest VMs. AMD’s Secure Encrypted Virtualization (SEV) technology, which comes with EPYC line of processors, is a hardware feature that encrypts the memory of each VM in ...
Read More »Author Archives: firewallfirmadmin
Researchers unearth a huge botnet army of 500,000 hacked routers
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco’s Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter, that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well ...
Read More »Hackers are exploiting a new zero-day flaw in GPON routers
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven’t yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day ...
Read More »DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide
Widespread routers’ DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users’ login credentials and the secret code for two-factor authentication. According to security researchers at Kaspersky Labs, ...
Read More »Upgrading cyber attacks to a Grade A risk status
Businesses do themselves a good deal of harm if they think it is only a tech issue and worryingly the Middle East’s response to combat the threat lags the rest of the world. Cybersecurity — you’re either ready or you’re not. The alarm has been sounding for quite some time. It is no longer a question of if your organisation ...
Read More »2018: Scariest Year of Evil Things on the Internet
Acts of evil on the internet are on the rise, according to the 2018 Internet of Evil Things survey. In its fourth consecutive year, the survey, conducted by Pwnie Express, polled more than 500 security professionals and found their collective responses to be “the scariest survey results we’ve seen yet.” The report indicates that security professionals have a heightened concern for growing threats, ...
Read More »Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests
Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using uncached memory or flush instruction while processing ...
Read More »Barracuda Launches Web Application Firewall as a Service
Barracuda is making its Web Application Firewall platform available in a cloud-delivered model that benefits from a new management interface and improved configuration. Barracuda Networks announced its cloud-delivered Web Application Firewall (WAF) service on May 16, providing organizations with a new approach to managing and deploying application security. The Barracuda WAF-as-a-Service offering builds on the company’s existing WAF products, which ...
Read More »Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext
For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered yesterday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing remote attackers to inject malicious code on ...
Read More »Around 57% Indian IT managers can’t identify network traffic and 61% are clueless about bandwidth consumption: Sophos report
Nearly 57 percent Indian IT managers can’t identify network traffic while 61 percent don’t know how their bandwidth is consumed, a new report said on Wednesday, adding that the majority of Indian IT managers have legal liabilities when it comes to unidentified traffic at their workplaces. According to British IT security company Sophos’ global survey titled The Dirty Secrets of Network ...
Read More »