Author Archives: Zeljka Zorz

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle’s Fusion Middleware portfolio and supports a variety of popular databases. These servers are often targeted by attackers, whether for cryptocurrency mining or as a way into other enterprise systems. About the vulnerability (CVE-2020-14882) CVE-2020-14882 may allow unauthenticated attackers with … More

The post Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882) appeared first on Help Net Security.

Healthcare network security is slowly improving

Healthcare delivery organizations (HDOs) have been busy increasing their network and systems security in the last year, though there is still much room for improvement, according to Forescout researchers. This is the good news: the percentage of devices running Windows unsupported operating systems fell from 71% in 2019 to 32% in 2020 and there have been improvements when it comes to timely patching and network segmentation. The bad news? Some network segmentation issues still crop … More

The post Healthcare network security is slowly improving appeared first on Help Net Security.

A new threat matrix outlines attacks against machine learning systems

A report published last year has noted that most attacks against artificial intelligence (AI) systems are focused on manipulating them (e.g., influencing recommendation systems to favor specific content), but that new attacks using machine learning (ML) are within attackers’ capabilities. Microsoft now says that attacks on machine learning (ML) systems are on the uptick and MITRE notes that, in the last three years, “major companies such as Google, Amazon, Microsoft, and Tesla, have had their … More

The post A new threat matrix outlines attacks against machine learning systems appeared first on Help Net Security.

Hackers breach psychotherapy center, use stolen health data to blackmail patients

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. Therapist session notes of some 300 patients have already been published on a Tor-accessible site on the dark web. Among the victims are Finnish politicians (e.g., Member of Parliament Eeva-Johanna Eloranta) and minors. What is known about the … More

The post Hackers breach psychotherapy center, use stolen health data to blackmail patients appeared first on Help Net Security.

Safari, other mobile browsers affected by address bar spoofing flaws

Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites. “With ever growing sophistication of spear phishing attacks, exploitation of browser-based vulnerabilities such as address bar spoofing may exacerbate the success of spear phishing attacks and hence prove to be very lethal,” he noted. “First and foremost, it is easy to persuade the victim into stealing … More

The post Safari, other mobile browsers affected by address bar spoofing flaws appeared first on Help Net Security.

25 vulnerabilities exploited by Chinese state-sponsored hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and … More

The post 25 vulnerabilities exploited by Chinese state-sponsored hackers appeared first on Help Net Security.

US charges Sandworm hackers who mounted NotPetya, other high-profile attacks

The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate (GRU), the US Department of Justice (DoJ) claimed as it unsealed an indictment against six hackers and alleged members on Monday. Sandworm Team attacks “These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: Ukraine; Georgia; elections in France; efforts to hold Russia accountable … More

The post US charges Sandworm hackers who mounted NotPetya, other high-profile attacks appeared first on Help Net Security.

Magento, Visual Studio Code users: You need to patch!

Microsoft and Adobe released out-of-band security updates for Visual Studio Code, the Windows Codecs Library, and Magento. All the updates fix vulnerabilities that could be exploited for remote code execution, but the good news is that none of them are being actively exploited by attackers (yet!). Microsoft’s updates Microsoft has fixed CVE-2020-17023, a remote code execution vulnerability in Visual Studio Code, its free and extremely popular source-code editor that’s available for Windows, macOS and Linux. … More

The post Magento, Visual Studio Code users: You need to patch! appeared first on Help Net Security.

Critical infrastructure and industrial orgs can test Azure Defender for IoT for free

Azure Defender for IoT – Microsoft’s new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities – is now in public preview and can be put to the test free of charge. The solution can alert administrators about unauthorized devices connected to the network and unauthorized connections to the internet, changes to firmware versions, potentially malicious commands, illegal DNP3 operations, known malware, unauthorized SMB logins, and more. About Azure Defender for IoT “As industrial … More

The post Critical infrastructure and industrial orgs can test Azure Defender for IoT for free appeared first on Help Net Security.

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More

The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security.