Researchers have uncovered a network of GitHub accounts containing backdoored versions of legitimate software. In some cases, the doctored applications secretly downloaded bot software that could be used to remotely bid on high-value sneakers. Researchers at DFIR.it seem to favour quality over quantity. They blog roughly once each year, but when they do it’s a doozy.
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly disclosed to Microsoft last year and was fixed last November, but there are likely still servers out there that haven’t been upgraded and are open to attack
Microsoft says it is working on a fix for an issue in the March 1 update for Windows 10 version 1809 that has been causing severe performance issues with several popular games, including Destiny 2.
The use of financial and banking Trojans against organizations and consumers alike is a problem which is steadily growing, with frequent attacks being recorded against enterprise organizations. Researchers from Kaspersky Labs revealed some interesting data relating to the use of financial malware, which was detected in close to 900,000 attacks against users in 2018 — an increase of 16 percent in comparison to 767,000 attacks in 2017.
BAE Systems says just seven percent of respondents to a recent survey say protection against revenue loss is a key reason to establish an cybersecurity incident response plan. That’s despite recent attacks that have caused devastation to IT infrastructure: shipping giant Maersk spent nearly £230 million following the NotPetya attack in 2017, when it had to rip out and replace 4,000 servers, 45,000 PCs and over 2,500 software applications.