All these vulnerabilities are related to the minimum segment size (MSS) and TCP selective acknowledgment (SACK) capabilities. ‘SACK Panic’ is the most severe vulnerability of all the flaws. Four TCP networking vulnerabilities in FreeBSD and Linux kernels have been discovered by security researchers recently. All these vulnerabilities are related to the minimum segment size (MSS) and TCP selective acknowledgment ...
Cyber Security News
Mermaids transgender charity data breach exposed confidential emails
Mermaids UK has apologized for an “inadvertent” data breach which exposed private messages between the charity and the parents of gender variant and transgender children. As first reported by the Sunday Times last week, over 1,000 pages of confidential emails were leaked online, including “intimate details of the vulnerable youngsters it [the charity] seeks to help.” The letters, sent between 2016 ...
Reported losses from NBN scams increase by nearly 300% in 2019: ACCC
Australian consumers reported over AU$110,000 in monthly losses from NBN scams in the January-May 2019 period, according to the Australian Competition and Consumer Commission (ACCC). Compared to the average monthly losses of AU$38,500 in 2018, this is a near 300% increase. “People aged over 65 are particularly vulnerable, making the most reports and losing more than AU$330,000 this year. That’s ...
Update: Over 20 million affected in massive AMCA data breach
The data was compromised after AMCA’s payment system was breached on August 1, 2018, and remained vulnerable till March 30, 2019. AMCA has started notifying consumers whose credit card number, social security number or lab test order information may have been accessed. Maryland Attorney General Brian E. Frosh is alerting Marylanders that their medical and other private information may have ...
Distributed Denial of Service attack on Telegram causes service outages
The attack caused service outages primarily in South and North America. However, users in the United Kingdom, the Netherlands, Germany, Ukraine, Russia, Australia, and China also faced connection issues and network disruptions. A Distributed Denial of Service (DDoS) attack on Telegram messenger caused service outages and connection problems for users in certain parts of the world. Which countries were impacted? ...
Major airplane parts manufacturer ASCO hit with ransomware attack
The ASCO factory in Zaventem, Belgium was hit by a ransomware infection causing major downtime as most of the plant's IT systems were infected. ASCO shut down production in factories across Germany, Canada, and the United States. What is the issue? ASCO, one of the largest airplane parts manufacturers, suffered a ransomware attack crippling production in factories across four countries. What ...
Microsoft fixes 88 flaws, Adobe security updates, Intel’s advisories, and many more: Patch Tuesday – Week 2, June 2019
Adobe: Adobe has released security updates to fix major vulnerabilities in its Adobe Flash, Adobe ColdFusion, and Adobe Campaign software products. The update for Flash patches a critical use-after-free vulnerability (CVE-2019-7845) that can lead to an arbitrary code execution (ACE) attack. The ColdFusion updates also address three critical ACE vulnerabilities (CVE-2019-7838, CVE-2019-7839, and CVE-2019-7840) in the platform. On the other hand, seven vulnerabilities that existed ...
Vulnerability in SymCrypt could allow an attacker to perform DoS on any Windows server
The vulnerability could allow an attacker to perform DoS on any Windows server such as IPsec, Internet Information Services (IIS), and Microsoft Exchange Server. The researcher found out that any program on the system that processes the X.509 digital certificate will trigger the vulnerability causing deadlock. A vulnerability researcher at Google, Tavis Ormandy, uncovered a vulnerability in the primary cryptographic ...
‘Triple Threat’ Ransomware Attack Cripples Email Systems and Services of Lake City
The ‘Triple Threat’ ransomware program had combined three different methods of attack to target the City’s network systems. This has forced the city’s email systems, land-line phones, and credit card services to shut down. The Lake City Police Department is investigating a ransomware attack on their city network systems that resulted in the shutdown of several emergency services. The ransomware ...
New malspam campaign exploits DNS records to target victims
The spam campaign, which specifically targeted UK users, relied on DNS TXT records and redirected users to a fraudulent trading site. IP addresses associated with the campaign are likely linked with the Necurs botnet. A new malspam campaign targeting UK users has been spotted in the wild. MyOnlineSecurity.com which came across a number of spam emails related to this campaign found ...