Browsing category
A particular TP-Link router model will spew out its admin password in cleatext to anyone that sends an SMS message to the router’s SIM card with a particular script inside, according to German security researcher Jan Hörsch, who shared his findings with German newspaper Heise.de. The vulnerability affects TP-Link model M5350, a 3G mobile Wi-Fi […]
At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we observed suspicious activities from some samples. After quick but in-depth research, this morning we have confirmed these samples are exploiting a vulnerability in Microsoft Windows and Office that is not yet patched. This blog post […]
The Shadow Brokers (TSB) are back, and they’ve released the password for the rest of the hacking tools they claim to have stolen from the NSA last year. TSB is a mysterious group that appeared in the summer of 2016 when they dumped on GitHub and other sites a trove of files they claim to […]
[jpshare] MS word Document is on of the main Vector to easily spread the Macro viruses to the Victims. an undisclosed vulnerability has been Discovered in Microsoft Office RTF( Rich Text Format) Document. FireEye Security Researchers Said, This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit.This vulnerability found […]
If you follow the steps in the phishing email, you may end up giving attackers a way into stealing your identity. Apple customers should pay extra attention to the emails they’re getting because there’s another wave of phishing taking place right now. In fact, bogus “Welcome to iCloud Mail” scam emails are hitting inboxes as […]
The investigation into The Love Zone child pornography site was much larger in scope than previously thought. Last year, Motherboard found Australian authorities had unmasked Tor users in the US as part of a child pornography investigation. Judging by court documents, Australian authorities sent targets a hyperlink to a video that, when clicked, would give […]
For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows. For their attacks, the groups are using a zero-day in Apache Struts, disclosed and immediately fixed […]
Short Bytes: There are good chances that you might’ve heard about Samsung’s Android replacement Tizen OS. Recently, an Israeli researcher uncovered 40 zero-days in this Linux-based open source OS. As most of the flaws can enable remote code execution, they are very critical. While Samsung refused to acknowledge the findings initially, it has recently promised to mitigate […]
Hackers are using a combination of low and high-tech attacks to make ATMS spit out cash, according to Kaspersky researcher Igor Soumenkov, who presented this novel attack at this year’s Security Analyst Summit, taking place in St. Maarten this week. These attacks first started last year, when several banks in Europe and Russia discovered empty […]
Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone’s WiFi component. The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included […]
Experts at Cylance disclosed two UEFI flaws that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. Experts at security firm Cylance have disclosed two UEFI vulnerabilities that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. The experts tested the latest firmware […]
The Internet of Shit gets up close and personal. If you’re using an internet-connected vibrator equipped with a camera that allows you to stream your “pleasure” right to the internet, your intended viewers might not be the only ones watching. Hackers from the UK-based security firm Pen Test Partners have found that it’s trivially easy […]
A series of phishing campaigns is targeting airline consumers with messages crafted to trick victims into handing over personal or business credentials. A wave string of phishing campaigns is targeting airline consumers with messages crafted to trick victims into handing over personal or business credentials. The phishing messages pretend to be sent from a travel agency […]
Several users have complained about “fake Flash” ads, which if triggered, can lead to a ransomware attack. Several users have complained that ads served through Microsoft’s Skype app are serving malicious downloads, which if opened, can trigger ransomware. News of the issue came from a Reddit thread on Wednesday, in which the original poster said […]
Earlier this month, we teased a proof of concept for UEFI ransomware, which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren’t just a theoretical concept, but have actually been weaponized by nation states to conduct cyber-espionage. Physical access requirements are a thing of […]
This driver provides HDLC serial line discipline and comes as a kernel module in many Linux distributions, which have CONFIG_N_HDLC=m in the kernel config. So RHEL 6/7, Fedora, SUSE, Debian, and Ubuntu were affected by CVE-2017-2636. Currently the flaw is fixed in the mainline Linux kernel (public disclosure). The bug was introduced quite a long […]
A former sysadmin is facing up to ten years in prison and a fine of up to $250,000 after he used a backdoor account and sabotaged his former employer on the day he was fired. The incident in question took place on September 1, 2016, the day Joe Vito Venzor, 41, was let go from […]
Supo: Espionage rising, attacks on infrastructure falling. The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes. That news comes in the agency’s review of intelligence activity in 2016, announced here. The major trends in cyber-intelligence Supo highlights in the report are increasing attacks against […]
Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users. While JavaScript popups have been used to redirect users to malware downloads, these intrusive dialogs have […]
Internet Information Services is an extensible web server made by Microsoft for use with the Windows NT family.IIS can help you achieve better performance, reliability, scalability, and security for your websites. The IIS6.0 zero-day flaw was found by two scientists with the Information Security Lab and School of Computer Science and Engineering, South China University of […]
A common infection vector used by botnet creators is scanning the Internet for web vulnerabilities to exploit for malware or back doors. The advantage of hitting servers over personal consumer devices is the ability to leverage powerful hardware that is always online and has high bandwidth. Also, many servers do not have anti-virus solutions in […]