CVE-2017-1000367 is a severe root Linux vulnerability discovered by Qualys Security researchers. The flaw resides in Sudo’s “get_process_ttyname()” function for Linux and could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo,…
AOL web developer Ran Bar-Zik has uncovered a Google Chrome bug that allows websites to record audio and video without the user’s knowledge or any signs of the activity. Google however doesn’t consider the bug to be a critical security…
The Android operating system has a restriction to block the installation of applications outside Play Store. Switching to “unknown sources” is a very bad idea regarding the security of the device, and any many security experts would confirm this. Interestingly,…
A new Windows flaw, affecting almost all versions of the OS, Windows 10 excluded has been unearthed. More specifically, Windows 7 and Windows 8.1 are prone to the same bug where certain bad filenames make the system lock up or…
Have you heard of the Samba project? It’s a popular open source project that is used on Linux and Unix machines so that they work with Windows file and print services. The project lets you work as a client that…
Researchers from Georgia Institute of Technology and UC Santa Barbara have uncovered a new Android exploit affecting all versions of the operating system. The exploit is dubbed Cloak and Dagger and is seen as a new class of potential attacks…
Victims of the BTCWare ransomware now have a way to decrypt their files for free using the decryption tool developed by Avast. Related Story: Find Decryption Key for Files Encrypted by Ransomware Avast Develops BTCWare Decrypter BTCWare is a ransomware…
Ever dreamed of a career in the field of cybersecurity? These positions become more and more valuable and well-paid. Chief Information Security Officers in particular are in high demand right now and, considering the complexity and stress levels of the…
Meet Athena, the latest file unearthed in WikiLeak’s Vault 7 inventory of CIA hacking tools. Athena is a surveillance (spying) tool which has been created to capture communications from computers running Windows XP to machines on Windows 10, researchers say.…
Remember the leaks of exploits used by the WannaCry SMB worm that cause more than 240,000 detections in 48 hours? If you do, you’d remember they were named EternalBlue and DoublePulsar. A new worm has appeared, carrying the name EternalRocks…
The WannaCry ransomware outbreak took place because of the EternalBlue vulnerability obtained by the NSA and then stolen from the Shadow Brokers. The hacking group recently revealed more vulnerabilities owned by the NSA claiming the agency used them to get…
Kaspersky Lab statistics indicate that WannaCry attacks on Windows 7 accounted for 98% of the total number of infections. More particularly, over 60% of the systems attacked by WannaCry were running the 64-bit version of Windows 7, whereas 32% of…
Netcraft researchers report that the number of phishing sites using HTTPS has increased since January when a new feature was introduced in Mozilla Firefox and Google Chrome browsers. Thanks to this feature, the two browsers display warnings when an HTTP…
CVE-2017-8917 is a Joomla vulnerability just disclosed by Sucuri researchers. During regular search audits, the researchers discovered an SQL injection flaw affecting Joomla! 3.7. The flaw is easily exploitable as it doesn’t require a privileged account on the target’s site.…
Eugene Kaspersky, the CEO of Kaspersky Inc. has offered a very interesting AMA (Ask me Anyithing) on Reddit forums from which some interesting details about the future of the company and cyber-security were revealed. We were able even briefly to…
Security researchers at Proofpoint just revealed that there’s been another attack that used the same exploits deployed in the WannaCry global ransomware outbreak. More particularly, Proofpoint’s Kafeine researcher says that the EternalBlue exploit has been used together with a backdoor…
Malware researchers have detected that The Shadow Brokers, the group that released the “WannaCry Exploits”, have made a statement recently that more zero-day bugs are about to be released along with classified information. The hackers have not specified what exactly…
WordPress is one of the platforms that often fall victims to malicious attacks. Fortunately, the company has decided to join the bug bounty initiative, now embraced by multiple organizations in their attempt to confront cybercrime. Security researchers who come across…
Irfan Shakeel is an engineer, penetration tester, a security researcher who has dedicated his career to securing information through quality education. Irfan is the founder of ehacking.net and the EH Academy where people interested in programming, penetration testing, wireless and…
The WannaCry (.WNCRY, Wana Decrypt0r 2.0) ransomware outbreak is definitely the scariest cybersecurity event of 2017. So far. The ransomware has compromised the systems of Telefonica in Spain, as well as multiple hospitals in the UK. It has also been…
