An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
A new critical vulnerability has been found in Cisco IOS Software and Cisco IOS XE Software that could lead to remote code execution and a denial-of-service condition. An unauthenticated, remote attacker could execute arbitrary code to take full control over…
CVE-2018-0986 is the identifier of a brand new critical Windows vulnerability which resides in Microsoft Malware Protection Engine and affects Windows Defender. The flaw could trigger remote code execution when the engine doesn’t properly scan a specially crafted file leading…
A new piece of Android malware has been discovered. Dubbed KevDroid, the malware is being distributed in the form of a fake anti-virus application called Naver Defender. KevDroid is in fact a remote administration tool that steals sensitive data from…
Google has just put in motion a new Web Store policy regarding Chrome extensions that mine cryptocurrency. There has been a significant uptick in malicious extensions, and the technology giant has decided to ban any such extension that harms users.…
The popular CMS system Drupal has been found to contain a highly critical security vulnerability that affects Drupal versions 7 and 8. The flaw has been given the CVE-2018-7600 identifier. Drupal developers are urging admins to patch their websites as…
One of the hottest trends in malware design is AutoHotKey, security researchers say. AutoHotKey or AHK for short is an open-source scripting language that was written for Windows in 2003. In detail, the open-source language was initially aimed at providing…
One of the newest detected ransomware pieces out there has been dubbed Gedantar ransomware, or Gedantar file virus, after the main executable Gedantar.exe. The ransomware was discovered by security analyst Karsten Hahn, and researchers believe that it is an updated…
Three critical vulnerabilities have found in Cisco products. More specifically, Cisco’s IOS and IOS XE contain two flaws – CVE-2018-0151 and CVE-2018-171. The third flaw concerns only Cisco IOS XE Software. If exploited, it could allow an unauthenticated, remote attacker…
Facebook Container is the name of a brand new add-on for Firefox that the Mozilla Foundation released to isolate Facebook and all of its domains from tracking users across the websites they visit while browsing. The add-on is built on…
Instead of fixing things, the patch Microsoft released for the Meltdown bug as part of the January 2018 Patch Tuesday – CVE-2017-5754 – caused further issues on Windows 7. The faulty patch allows user-level apps to read content from the…
AVCrypt is the name (after a sample named av2018.exe) of a new ransomware that displays a rather unique behavior. The ransomware attempts to uninstall whatever anti-virus and security programs are present on the targeted system. Not only does AVCrypt attempt…
Another vulnerability in macOS has been unearthed exposing passwords used for encrypted APFS external drives in plain text. The bug is present in macOS 10.13.1, and according to mac4n6, the researcher who found it, it’s still there in macOS 10.13.3.…
A new report compiled by marketing agency Fractl reveals how much worth is a user’s login for a range of online services used on a daily basis, such as Facebook, PayPal, DHL, and Gmail. The results are staggering. To do…
Facebook is once again at the center of attention, following the events from last week when the Cambridge Analytica scandal burst out. Now, it has come to the attention of several users that the Facebook’s mobile apps for Android have…
TeleRAT is the name of the latest Android Trojan that was discovered by researchers at Palo Alto Networks. The Trojan is designed to use Telegram Bot API for communication with its command and control server with the purpose of exfiltrating…
Trend Micro researchers have observed a new Monero cryptocurrency mining campaign that targets Linux servers. The campaign is using reused and known vulnerabilities – more particularly, a flaw that has been patched for five years. Users should note that the…
Ledger cryptocurrency hardware wallets have been found to be vulnerable, a teenage security researcher revealed in a blog post. The 15-year-old Saleem Rashid discovered the bug that allowed attackers to fabricate the device’s seed generation, and this way harvest any…
CVE-2018-0878 is the identifier of an information disclosure vulnerability that exists in Windows Remote Assistance. The flaw is triggered when WRA incorrectly processes XML External Entities (XXE). An attacker who successfully exploits the flaw could obtain information further abuse the…
Probably the most important factor when it comes to Facebook criticism is the way the social network handles the personal data of its users. Privacy issues related to individual cases have fueled the debate over time. The majority of the…
There were times, not too long ago, when exploit kits were widely deployed by hackers in various types of malicious campaigns. However, with the improvement of browsers and some other security-focused factors, the use of EKs began to decline, and…
