Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: 0day

A cryptojacking campaign affects more than 200,000 MikroTik routers

A researcher group from SpiderLabs (Trustwave) has found a new botnet consisting of more than 200,000 MikroTik routers, that injects a serie of Coinhive scripts to mine cryptocurrencies using the...

References:

trustwave.com

redeszone.net

welivesecurity.com

Tags:

Three iPhone 0-day used for spyware

The new version IOS 9.3.5 has fixed three vulnerabilities that until now they have been used by a spyware named Pegasus, apparently created by NSO Group, an Israeli cyber-espionage services...

References:

citizenlab.org

unaaldia.hispasec.com/

support.apple.com

nytimes.com

wired.com

washingtonpost.com

blog.lookout.com

Tags:

Sauron, an APT that spies ciphered communication

A APT active since October 2011, named ProjectSauron, has been recently discovered. This APT, which advanced design seems related to a national intelligence agency, has affected specific...

References:

symantec.com

kaspersky.com

threatpost.com

Tags:

Public administration

0day in Seagate NAS devices

Beyond Binary has published a 0day report that affects NAS devices from Seagate. The vulnerability allows unauthenticated attackers to perform remote code execution, provided that they are located...

References:

isc.sans.edu

securityaffairs.co

securityweek.com

net-security.org

Tags:

0day

Vulnerability

Misfortune Cookie

Check Point researchers have detected a vulnerability that would affect more than 12 million devices in 189 countries.The vulnerability is due to an incorrect handling of the HTTP cookies in the...

References:

mis.fortunecook.ie

elmundo.es

securityaffairs.co

Tags:

0day

Vulnerability

APT BlackEnergy y 0day Sandworm

Siguiendo un proceso de revelación responsable, iSIGHT ha publicado el descubrimiento de una nueva vulnerabilidad 0day, que afecta al gestor de paquetes OLE en Microsoft Windows y Microsoft Server....

References:

sightpartners.com

incibe-cert.es

welivesecurity.com

blog.trendmicro.com

abcnews.go.com

securityaffairs.co

us-cert.gov

Tags:

Corporate access

Cybersecurity Highlights

A cryptojacking campaign affects more than 200,000 MikroTik routers

Three iPhone 0-day used for spyware

Sauron, an APT that spies ciphered communication

0day in Seagate NAS devices

Misfortune Cookie

APT BlackEnergy y 0day Sandworm

Pages