The latest versions of PHP were recently released (PHP version 7.3.9, 7.2.22 and 7.1.32 across several branches) to address several highly critical vulnerabilities in its core and bundled libraries. The most dangerous of these vulnerabilities are the ones that could…
Facebook has announced that they have updated their HHVM server software which removes the possibility of it to be exploited. The company announced that two critical bugs were fund in it. The vulnerabilities allow the hackers to obtain sensitive data…
A new zero-day vulnerability has been discovered in Android. If exploited, the flaw could give a local attacker escalated privileges on the compromised device. According to TrendMicro’s Zero Day Initiative researchers Lance Jiang and Moony Li, the flaw is located…
The Domen Hacking Toolkit is a dangerous weapon in the hands of numerous criminal collectives which is actively being used in global attack campaigns. It is used as a framework through which malware samples can be launched through social engineering…
Zerodium, a “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research”, has updated its price list. Apparently, Android exploits are now more expensive than iOS exploits, for the first time in history. Zerodium is now paying much more…
Myriad vulnerabilities were discovered in the so-called baseboard management controllers (BMCs) of Supermicro servers. The flaws could be exploited in remote attacks and could grant access to corporate networks. Eclypsium researchers dubbed the vulnerabilities USBAnywhere. Image: Eclypsium USBAnywhere Vulnerabilities Explained…
Malware authors are always finding ways to be up-to-date with current events in their distribution campaigns. According to a brand new research by Kaspersky Lab, the latest wave of malware is hiding in school- and student-related content posted for free…
Several privilege escalation exploit chains were discovered in iOS devices by Google’s Threat Analysis Group (TAG) and Project Zero teams. The vulnerabilities were actively used by threat actors who also used compromised websites to carry out watering hole attacks against…
The well-known TrickBot malware has been updated with a new version and features so that it is used by a hacking group against mobile carrier users. The new variants are confirmed to be used against users of T-Mobile, Sprint, Verizon…
Computer researchers uncovered several popular WordPress plugins which are actively abused in order to hack sites. This is due to a weakness found in them allowing for malicious code to be injected. Since the discovery was made they have been…
Phishing, ransomware, emails from a Nigerian prince – all these scams are quite well-known. It’s true that some Internet users still trust them, but the majority do not. However, scammers are not easily defeated. Daily, they create new ways of…
The Lyceum hackers are a criminal group that was found to be be coordinating attacks against high-profile targets in the Middle East. The activities of the group were under investigation by security experts and released to the public. From the…
The Retadup worm is being shut down by computer specialists, this is the malware which is responsible for the large part of the STOP ransomware versions. The worm is primarily spread in Latin America and it has an extensive malware…
Penetration testing has become an essential for businesses looking to maintain a robust cybersecurity posture. But if you are commissioning a test for the first time, then you have the challenge of choosing the right provider. Pen testing is a…
It appears that one of the most popular Android apps called CamScanner is installing silently the Necro Trojan on victim devices, according to a new security report. It is very possible that the developers have not done it intentionally as…
A team of security experts discovered a ‘Complete Control’ weakness in the Windows operating system which can cause a wide variety of dangerous actions. The problem lies within vulnerable that is exploited by the device drivers and operating system allowing…
The Web Services Dynamic Discovery (WS-Discovery) protocol could be exploited to launch large-scale DDoS attacks, security researchers are reporting. What is the WS-Discovery protocol? The WS-Discovery protocol is described as a technical specification that defines a multicast discovery protocol to…
CVE-2019-14378 is a new vulnerability in QEMU, an open-source hardware virtualization package. QEMU emulates a machine’s processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety…
The Internet of Things home security systems can protect all IoT devices from attack. Businesses protect devices such as phones and computers with antiviruses, while the Internet of Things offers protection to appliances like fridges, cars, monitoring devices, and much…
The Balik Trojan as a dangerous malware threat is being spread onto fake hacker-made sites, in the case of the ongoing attacks they are fake VPN sites. According to the available security reports this is done by using a sophisticated…
