Silensec Newsletter

Adobe updates fix code execution issues in Campaign, ColdFusion, and Flash

Adobe updates fix code execution issues in Campaign, ColdFusion, and Flash

Adobe's recent security updates for June 2019 address some critical arbitrary code execution vulnerabilities in Flash Player, Cold Fusion and Campaign products. Adobe fixed critical command injection, file extension blacklist bypass and deserialization vulnerabilities in ColdFusion.

The vulnerabilities could lead to arbitrary code execution on vulnerable systems.

Read more...

Telegram suffers 'powerful DDoS attack' from China during Hong Kong protests

Telegram suffers 'powerful DDoS attack' from China during Hong Kong protests

Telegram, one of the most popular encrypted messaging app, briefly went offline on the 13th of June, 2019 for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers.

Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters.

Read more...

Several vulnerabilities found in Cisco Industrial Network Director

Several vulnerabilities found in Cisco Industrial Network Director

Cisco on recently informed customers that several vulnerabilities, including a code execution flaw classified as "high severity," have been found in the company's Industrial Network Director product. While conducting internal security testing, Cisco employees identified three types of vulnerabilities in Industrial Network Director. The most serious of them, tracked as CVE-2019-1861 with a CVSS score of 7.2, is a remote code execution flaw.

Read more...

Hackers steal $9.5 million from GateHub cryptocurrency wallets

Hackers steal $9.5 million from GateHub cryptocurrency wallets

Cybercriminals have stolen 23.2 million Ripple coins (XRP), worth nearly $9.5M, from the users of the GateHub cryptocurrency wallet service. The company admitted to the security breach in a preliminary statement posted on its website. While the incident is still under investigation, the company believes the hacker abused its API to carry out the attacks, though it is unsure how.

Read more...

HawkEye malware operators renew attacks on business users

HawkEye malware operators renew attacks on business users

Researchers have reported an increase in HawkEye v9 keylogger infection campaigns targeting businesses around the world. In campaigns observed by the researchers in April and May 2019, the HawkEye malware focused on targeting business users, aiming to infect them with an advanced keylogging malware that can also download additional malware to their devices.

Read more...

Mozilla returns crypto-signed website packaging spec to sender - yes, it's Google

Mozilla returns crypto-signed website packaging spec to sender - yes, it's Google

Mozilla recently published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form.

Google engineers talked up the tech, which consists of several related projects that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access.

Read more...