We Secure blog

Welcome to the We Secure blog, catch up on latest security news.

New Drupal RCE vulnerability under active exploitation, patch ASAP!


Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement the update can implement standalone patches, but before doing so they have to apply the fix from SA-CORE-2018-002 … More

The post New Drupal RCE vulnerability under active exploitation, patch ASAP! appeared first on Help Net Security.



Sourced by – helpnetsecurity



Apple device users, stay away from QR codes until you upgrade


It’s time to update your Mac and iOS-powered devices again: Apple has plugged four vulnerabilities, two of which could be exploited to execute arbitrary code if a user visits a malicious website. The two critical vulnerabilities (CVE-2018-4200, CVE-2018-4204) affect WebKit, the web browser engine used in Apple’s Safari browser (both the Mac and the iOS version). They have been discovered and flagged by Ivan Fratric of Google Project Zero and Richard Zhu working with Trend … More

The post Apple device users, stay away from QR codes until you upgrade appeared first on Help Net Security.



Sourced by – helpnetsecurity



Researchers discover next generation phishing kit


Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. A posting on the Dark Net that advertises the [A]pache phishing kit Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor … More

The post Researchers discover next generation phishing kit appeared first on Help Net Security.



Sourced by – helpnetsecurity



MyEtherWallet users robbed after successful DNS hijacking attack


Unknown attackers have managed to steal approximately $150,000 in Ethereum from a number of MyEtherWallet (MEW) users, after having successfully redirected them to a phishing site posing as MyEtherWallet.com. The redirection was seamless, and the only thing that gave some indication that the phishing site is not what it pretended to be was the warning showed to visitors saying that the TLS certificate used by the site was signed by an unknown authority (i.e., was … More

The post MyEtherWallet users robbed after successful DNS hijacking attack appeared first on Help Net Security.



Sourced by – helpnetsecurity



Effective intrusion detection for the Internet of Things


A group of researchers have devised a self-learning system for detecting compromised IoT devices that does not require prior knowledge about device types or labeled training data to operate. “We propose a novel approach that combines automated device-type identification and subsequent device-type-specific anomaly detection by making use of machine learning techniques. Using this approach, we demonstrate that we can effectively and quickly detect compromised IoT devices with little false alarms, which is an important consideration … More

The post Effective intrusion detection for the Internet of Things appeared first on Help Net Security.



Sourced by – helpnetsecurity