Browsing category
Microsoft has worked hard to create and implement new security measures, from anti-exploit shields that prevent the exploitation of vulnerabilities, to the new Microsoft anti-malware engine capable of protecting from computer threats that can put our system at risk without needing another additional antivirus, with Windows Defender. However, this antivirus engine like many others has […]
Google Revealed a Microsoft Edge Zero-day Bug in public since Microsoft misses the 90-day deadline as well as an additional 14-day grace period. Google built a full-time dedicated Security team, known as Project Zero, that aims to prevent targeted attacks by reporting bugs to software vendors and filing them in an external database. A disclosed bug was […]
IoT Backdoor exploits called Doubledoor have been discovered which allows bypassing an IoT layered security that leads to taking complete control of the targeting network systems. IoT based cyber Attacks are blooming since the number IoT devices are increasing rapidly and attackers always find the many ways to bypass it. In this case, Doubledoor Botnet […]
Hackers have been taking advantage of the Word macro, the small pieces of code are injected into documents to automate certain tasks, to hide malware within the documents that, when opened, infect users; according to information security professionals. It is increasingly difficult to infect with malware through the Office macro, however, hackers have found a […]
A security flaw in the Skype update process can allow an attacker to gain system-level privileges on a vulnerable computer. “…the error, if exploited, can derive a local user who does not have privileges to the full-level rights of the system, granting access to every corner of the operating system”, told an information security expert. As explained […]
A Newly discovered Android Remote Access Trojan called AndroRAT targeting unpatched Android Devices that exploit the publicly disclosed critical privilege escalation vulnerability and gain some high-level access from targeted Andriod devices. This Android based RAT have an ability to gain some advance level privileges on any android devices that unpatched Remote code execution vulnerability CVE-2015-1805 and inject […]
If you haven’t updated your Windows app lately, now would be a good time. Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday. The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise […]
The private exploit seller is expanding its reach to acquire bugs in popular Linux builds. Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system. On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer […]
A Patched remote code execution Microsoft Office Vulnerability ( CVE-2017-11882) abusing again and using it for spreading a variety of Malware such as FAREIT, Ursnif and a Keylogger Loki info stealer that is used for stealing Crypto wallet password. In this case, some of the uncommon methods has been reused by helping of Windows Installer service Windows. Previous […]
Cisco has released new patches for a critical vulnerability in its Adaptive Security Appliance software after further investigation revealed additional attack vectors. The company first announced the vulnerability, CVE-2018-0101, on Jan. 29. It received a Common Vulnerability Scoring System base score of 10.0, the highest possible, and was initially discovered by Cedric Halbronn from NCC Group. “After broadening […]
Apple has confirmed that a “ small percentage” of iPhone 7 devices are affected by a bug that prevents the phone from connecting to a cellular network, instead displaying “No Service” on the status bar. Typically, this occurs after the iPhone switches off Airplane Mode, and is unable to re-connect to service. The company says the problem […]
Hacking just got fully automated for script kiddies. Hacking isn’t always hard. Some lower-tier hackers use programs to automatically churn through breached login details to break into other accounts, and some penetration testing tools are designed to streamline processes so hackers can get to the more interesting stuff as quickly as possible. Enter AutoSploit, a program which takes that […]
Wi-Fi bug in iOS 11.3 beta 1 compelling users to downgrade About a week ago, Apple had released its first beta version for iOS 11.3. However, it appears that users who are testing this beta version experiencing difficulties due to some nasty bugs. For instance, the Skype application crashes every time it is launched making it […]
The South Korean Computer Emergency Response Team issued a warning Wednesday of a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks are focused on South Koreans and involve malicious Microsoft Word documents. According to the South Korean Computer Emergency Response Team (KR-CERT), the zero-day is believed to […]
Adobe Flash Player now suffering from brand New Zero-day vulnerability with high severity rate and researchers believes that it cause a Severe impact on ActiveX Support browsers which leads to compromise the Windows PC. Zero-day vulnerabilities are referred to attacks on vulnerabilities that have not been patched or made public. This critical Zero-day vulnerability is […]
New Windows 10 build includes fixes for unbootable AMD CPUs for those who didn’t patch them manually. Microsoft has released build 16299.214 of the Windows 10 Fall Creators Update to bring yet another round of bug fixes. This release marked the third cumulative Windows 10 version 1709 update in January and includes the fix for […]
Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products ranging from 3000 […]
Lenovo released a security update for critical vulnerability with Lenovo Fingerprint Manager Pro that impacts dozens of ThinkPad, ThinkCentre and ThinkStation Workstations that are running Windows 7, 8 and the 8.1 operating systems. It is a utility for user authentication based on fingerprint recognition for Windows 8.1 (32-bit, 64-bit), 8 (32-bit, 64-bit), 7 (32-bit, 64-bit) […]
A study into the security of hardware license tokens. In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source […]
Electron, a popular web application writing platform underlying some extremely widespread software including Skype and Slack, is vulnerable to a critical remote code execution vulnerability. Apps are only vulnerable if they run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://. MacOS and Linux apps are not vulnerable. Referred to as a “Protocol Handler […]
“There is no need for a novelty 2FA if it doesn’t actually serve a purpose. Uber has ignored a security bug that can allow an attacker to hack into user accounts by bypassing two-factor authentication because the ride sharing company says the flaw “isn’t a particularly severe” issue. Two-factor authentication (2FA) is a vital part […]