Here are this week’s highlights in cybersecurity:

  • Unpatched bug in popular DNS C library called uClibc puts IoT devices at risk. Root cause is DNS transaction ID is predictable so an attacker can poison DNS replies. More
  • Executing malware using file-less techniques in read-only containers. More
  • Exploit Development: exploiting Dynamic Linking Procedure in x64 ELF Binaries. More
  • Chinese actors targeting Asian telecom providers make use of DLL side-loading in popular Antivirus software to load malware. More
  • A vulnerability set dubbed TLStorm 2.0 (following version 1 disclosed in March) exposes network switches from Avaya and Aruba to remote code execution. More
  • Several threat actors have moved from BazaLoader to Bumblebee to deploy their malware. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.