Simjacker is a new set of vulnerabilities that, researchers say, have been exploited for the purpose of surveillance for at least 2 years. The Simjacker vulnerabilities appear to be rather sophisticated and complex, in comparison with previously disclosed attacks over…
The InnfiRAT Malware is a newly discovered threat which includes a sophisticated cryptocurrency theft module. It is written using the .NET framework and targets Windows machines in particular. Cryptocurrency Holders Under Attack By The InnfiRAT Malware Security researchers have discovered…
The PsiXBot malware is an advanced threat that contains several dangerous modules that set it apart from other similar malware of its type. Among them is a sextortion blackmail component that can be very effective against its intended victims. The…
Two zero-day vulnerabilities were fixed in Microsoft’s September 2019 Patch Tuesday – CVE-2019-1214 and CVE-2019-1215. In total, 80 vulnerabilities were fixes of which 17 were listed as critical, and the rest – important. More about CVE-2019-1214 and CVE-2019-1215 Apparently, both…
The Windows Update mechanisms through the Windows Background Intelligent Transfer Service (BITS) has been found to deliver the dangerous Stealth Falcon malware. This is the default any of applying updates to the Microsoft Windows operating system. A complex strategy is…
Cybersecurity researchers have outlined a new type of attack involving Intel server-grade processors since 2012. The attack is based on a vulnerability named NetCAT (Network Cache Attack). The vulnerability could allow sniffing data by mounting a side-channel attack over the…
How much exactly does Facebook know about us? No one would argue the pervasiveness of the social network and its impact on our lives. But do we fully comprehend the amounts of personal, highly sensitive information that Facebook gets hold…
Patch gapping is a serious issue that puts a system at risk of exploits. The problem stems from a gap in time before a patch of a security vulnerability in an open-source software is shipped to users. The vulnerability may…
Dangerous vulnerabilities were recently discovered in Telestar Digital GmbH IoT radio devices. The flaws could allow remote attackers to hijack vulnerable systems. The vulnerabilities were discovered by Vulnerability Laboratory. Some of them are already assigned CVE numbers – CVE-2019-13473 and…
Wikipedia has suffered a major DDoS attack. The attack took place during the weekend. According to Wikipedia’s official statement released on September 7, “Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent…
The latest versions of PHP were recently released (PHP version 7.3.9, 7.2.22 and 7.1.32 across several branches) to address several highly critical vulnerabilities in its core and bundled libraries. The most dangerous of these vulnerabilities are the ones that could…
Facebook has announced that they have updated their HHVM server software which removes the possibility of it to be exploited. The company announced that two critical bugs were fund in it. The vulnerabilities allow the hackers to obtain sensitive data…
A new zero-day vulnerability has been discovered in Android. If exploited, the flaw could give a local attacker escalated privileges on the compromised device. According to TrendMicro’s Zero Day Initiative researchers Lance Jiang and Moony Li, the flaw is located…
The Domen Hacking Toolkit is a dangerous weapon in the hands of numerous criminal collectives which is actively being used in global attack campaigns. It is used as a framework through which malware samples can be launched through social engineering…
Zerodium, a “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research”, has updated its price list. Apparently, Android exploits are now more expensive than iOS exploits, for the first time in history. Zerodium is now paying much more…
Myriad vulnerabilities were discovered in the so-called baseboard management controllers (BMCs) of Supermicro servers. The flaws could be exploited in remote attacks and could grant access to corporate networks. Eclypsium researchers dubbed the vulnerabilities USBAnywhere. Image: Eclypsium USBAnywhere Vulnerabilities Explained…
Malware authors are always finding ways to be up-to-date with current events in their distribution campaigns. According to a brand new research by Kaspersky Lab, the latest wave of malware is hiding in school- and student-related content posted for free…
Several privilege escalation exploit chains were discovered in iOS devices by Google’s Threat Analysis Group (TAG) and Project Zero teams. The vulnerabilities were actively used by threat actors who also used compromised websites to carry out watering hole attacks against…
The well-known TrickBot malware has been updated with a new version and features so that it is used by a hacking group against mobile carrier users. The new variants are confirmed to be used against users of T-Mobile, Sprint, Verizon…
Computer researchers uncovered several popular WordPress plugins which are actively abused in order to hack sites. This is due to a weakness found in them allowing for malicious code to be injected. Since the discovery was made they have been…
