Security News
An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution vulnerability to compromise database servers. The miner takes a fileless approach, deleting the PostgreSQL table right after code launch, researchers said: PGMiner clears the "Abroxu" table if it exists, creates a new "Abroxu" table with a text column, saves the malicious payload to it, executes the payload on the PostgreSQL server and then clears the created table.
Findings highlight gaps in stress levels between workers at different job levels and industries and how increased usage of collaboration and UC applications has impacted the success of internal communication at enterprises. It's no surprise that stress levels amongst employees have increased in the wake of the pandemic.
A critical vulnerability addressed earlier this year in the PlayStation Now application for Windows could have been exploited by malicious websites to execute arbitrary code. The PlayStation Now application allows users to access an on-demand game collection directly from their Windows PCs. To enjoy the games, users also need a PlayStation Network account and a compatible controller.
UPDATED Infosec researchers at Palo Alto Networks' Unit 42 threat intelligence unit spotted a pair of prominent Chinese apps leaking personal data, and after it informed Google the ad giant dumped the apps from its Play store. Baidu says the personal information was only used to enable push functionality and that the privacy agreement in its apps disclosed that use.
MIT researchers have developed a system that could bring deep learning neural networks to new - and much smaller - places, like the tiny computer chips in wearable medical devices, household appliances, and the 250 billion other objects that constitute the IoT. The system, called MCUNet, designs compact neural networks that deliver unprecedented speed and accuracy for deep learning on IoT devices, despite limited memory and processing power. IoT devices often run on microcontrollers - simple computer chips with no operating system, minimal processing power, and less than one thousandth of the memory of a typical smartphone.
Researchers from the Computer Security and Industrial Cryptography group at the KU Leuven university in Belgium have demonstrated that a Tesla Model X can be stolen in minutes by exploiting vulnerabilities in the car's keyless entry system. The attack method identified by the COSIC researchers targets the Tesla Model X key fob, which uses Bluetooth Low Energy to communicate with the vehicle.
A critical vulnerability uncovered in Real-Time Automation's 499ES EtherNet/IP stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "Standard for factory floor I/O applications in North America."
Palo Alto Networks security researchers identified more than 20 Amazon Web Services APIs that can be abused to obtain information such as Identity and Access Management users and roles. The same attack could be leveraged to abuse 22 APIs across 16 different AWS services to obtain the roster of an account, get a glimpse into an organization's internal structure, and leverage the information to launch targeted attacks against specific individuals.
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White.
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The flaws were responsibly reported to Cisco's Product Security Incident Response Team three months ago, on July 13.