December 2020

Norway: Russian APT28 State Hackers Likely Behind Parliament Attack Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste). Attackers gained access to a limited number of Stortinget email accounts of representatives and employees as Read more…

Severe MDHexRay Bug Affects 100+ GE Healthcare Imaging systems A vulnerability in GE Healthcare’s proprietary management software used for medical imaging devices could put patients’ health privacy at risk, potentially their lives. The flaw received the name MDHexRay (CVE-2020-25179) and a severity score of 9.8 out of 10. It affects more Read more…

Credit Card Stealing Malware Bundles Backdoor For Easy Reinstall An almost impossible to remove malware set to automatically activate on Black Friday was deployed on multiple Magento-powered online stores by threat actors according to researchers at Dutch cyber-security company Sansec. Threat actors behind these web skimming attacks (also known as Magecart) Read more…

Scammers Spoof Target’s Gift Card Balance Checking Page It’s the giving season, and cybercriminals are more actively looking to steal gift cards. One of the most popular brands in their sight is giant retailer Target. A trick that crooks are currently pulling is to lure victims to fake sites that Read more…

All Kubernetes Versions Affected By Unpatched MiTM Vulnerability The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. Kubernetes (aka K8s), originally developed by Google and now maintained by Read more…

Robot Vacuum Cleaners Can Be Used By Hackers To ‘Spy’ On Private Conversations: NUS Study SINGAPORE: Your robot vacuum cleaner could be picking up private conversations along with the dust and dirt in your home. Computer scientists from the National University of Singapore (NUS) have demonstrated how a common robot Read more…

PlayStation Now Bugs Let Sites Run Malicious Code On Windows PCs Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. PlayStation Now reached more than 2.2 million subscribers [PDF] at the end of April 2020 since Read more…

Cisco Fixes Security Manager Vulnerabilities With Public Exploits Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and Read more…