Recommended Action for Linux Kernel Vulnerability
Recently, a critical zero day vulnerability in a Linux kernel module was publicized. If successfully exploited on a Linux device, this vulnerability would allow an attacker to potentially execute arbitrary code with escalated privileges. Devices running Linux kernel 3.8 or higher are potentially vulnerable to this bug, meaning millions of Linux devices and around two […]
Targeted Wire Transfer Scams on the Rise
While not new, targeted wire transfer scams are alive and well and we recommend that you check your processes to guard against them. These scams start by targeting corporate executives and attempt to convince their targets to wire funds to accounts controlled by the fraudsters. In one variant of the attack, the scammer will register […]
Sandworm – Microsoft Windows Zero-day Vulnerability
What is a Zero-day Vulnerability? A zero-day vulnerability is like a hidden door in a computer program that hackers find before anyone else knows about it and is often times in the program when it ships to customers, unknown to the publishers. Since nobody knows about it, there are zero days to fix it before […]
Shellshock Bash Vulnerability
Shellshock/Bash is a major new vulnerability that affects Unix, Linux and Mac users. This remote code execution vulnerability exists in almost every version of the GNU Bourne Again Shell (Bash). See CVE-2014-6271 in National Vulnerability Database: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 Description of CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment […]