During last year’s Data Privacy Day (January 27th, 2021), Apple shared its initiative “A Day in the Life of Your Data”. The document presented detailed information of how data is being collected from users, and how data brokers generally operate.…
The infamous Ryuk ransomware has received an important update, equipping it with a new work-like capability. The capability allows the ransomware to spread across compromised networks, making it even more dangerous. Ryuk ransomware updated with new worm-like capability The Ryuk…
Microsoft recently addressed four zero-day vulnerabilities in its Exchange email server. The flaws’ impact is quite alarming, as the Exchange platform is one of the most popular in enterprise infrastructure. Moreover, Microsoft believes the flaws were actively exploited by a…
Amazon Alexa’s users should be aware of a new vulnerability in the voice assistant skill vetting process. Vulnerabilities in Alexa Skill Ecosystem The loopholes could allow threat actors to publish a deceptive skill under any arbitrary developer name. They could…
A privacy bug related to the built-in Tor mode was recently patched in Brave browser. The bug was spotted by bug hunter known as xiaoyinl, and reported to Brave via its HackerOne bug bounty program. Brave Browser’s built-in Tor mode…
MassLoger is one of the most popular credential stealers out there, and it’s been detected in a new phishing campaign. The malware is capable of harvesting login details from Microsoft Outlook, Google Chrome, and some instant messenger applications. The latest…
Crypocurrency mining is once again at its peak. WatchDog, a mining malware which has been around for at least a couple of years, is one the of largest and longest-lasting Monero-mining operations so far. The operation is ongoing, and due…
Malvertising campaigns (short for malicious advertising) could bring a variety of malicious payloads by exploiting various vulnerabilities. The latest such malvertising campaign coordinated by the ScamClub group exploited a zero-day in WebKit-based browsers. The end goal of the operation was…
There’s quite a big loophole in macOS Big Sur which could lead to data loss. The bug resided in Big Sir 11.2, and was also introduced to the 11.3 version. macOS Big Sur Bug Could Lead to Data Loss Shortly…
Have you been using the Android version of the SHAREit app? Unfortunately, it turns out that the app, which has more than one billion downloads, contains unpatched vulnerabilities. The app’s developer has failed to address the bugs for more than…
A new improvement of the security of Microsoft Edge and Google Chrome will be a fact soon. Both Chrommium-based browsers will support a new security feature provided by Intel. The so-called CET feature, or Control-flow Enforcement Technology will prevent vulnerabilities.…
Are you using Telegram? If so, you should know that the messaging app fixed a privacy-related vulnerability in the macOS app. The bug made it possible to access self-destructing audio and video messages even after they were gone from secret…
A new critical vulnerability affecting the SAP Commerce platform was reported yesterday. CVE-2021-21477 in SAP Commerce Platform CVE-2021-21477 could allow threat actors take advantage of the SAP application used by e-commerce businesses, leading to remote code execution. The flaw affects…
Remember CVE-2021-3156, the vulnerability affecting the entire Linux ecosystem and macOS? Apple Just Released a Fix for CVE-2021-3156 A successful exploit scenario could allow unprivileged users to obtain root privileges on the vulnerable host. Qualys, the company that reported the…
Cyberattacks can compromise the systems of crucial facilities, thus endangering the lives of people. This is what happened in Florida, USA recently, when a malicious intruder remotely accessed the IT system of the water treatment facility. The incident took place…
Phishing operators have created a new obfuscation technique that uses Morse code to conceal malicious URLs within an email attachment. This is perhaps the first case of threat actors utilizing Morse code in such a way. Threat Actors Using Morse…
Have you been using The Great Suspender Chrome extension? If so, you should beware that the extension was found to contain malware. Google already removed the popular add-on and even deactivated it on users’ computers. The Malicious Capabilities of The…
Remember CVE-2021-3156, also known as Baron Samedit? It is a recently disclosed vulnerability affecting nearly the entire Linux ecosystem. CVE-2021-3156 Also Affects macOS According to the latest research, Linux is not the only environment that the vulnerability affects. Researcher Matthew…
According to Google security researcher Maddie Stone, software developers should stop delivering faulty zero-day patches. In a presentation during the USENIX’s Enigma 2021 virtual conference, the researcher shared an overview of the zero-day exploits detected last year. Zero-Day Flaws Not…
Ransomware operators are known to exploit various vulnerabilities, especially in campaigns against enterprises and organizations. Such is the case with two vulnerabilities in the VMWare ESXi product, included in the attacks of at least one prominent ransomware gang. These attacks…
