New Mac malware is being developed targeting a recently discovered macOS Gatekeeper security flaw. The malware in question is known as OSX/Linker, and it has been analyzed by Intego security researcher Joshua Long. OSX/Linker Malware: what we know so far…
Have you heard of the Wireless Emergency Alert system? The WEA system is designed to broadcast alert messages by the president to the US population in case of a nationwide emergency. The system can also broadcast the so-called weather AMBER…
How do you feel about a file sharing service sending your files to the wrong person? Sounds frustrating, doesn’t it? WeTransfer Security Incident: What Happened? In fact, this is not a hypothetical situation. Apparently, the popular WeTransfer service has been…
Several security researchers pointed out that there is a large-scale malware Master134 Ad Campaign that is being directed against users worldwide. There is no information available about the perpetrators of the crime, it may be a highly experienced hacking group…
Social Engineered, a platform which promotes “the art of human hacking” has been hacked. As a result, its users’ data was leaked on a competitor’s website. 89,000 unique email addresses linked to 55,000 members of the platform were compromised, as…
The Slackor RAT is a tool developed primarily for security researchers allowing for malicious actors to use Slack as a server backend. In real-world scenarios it can also be utilized by hackers in large-scale attacks. This can be extremely dangerous…
Sucuri researchers just reported that someone got in touch with them regarding “a malicious process they had discovered running on their web server”. The process in question was quite heavy on the CPU, pointing to a cryptominer process running in…
Linux. On Windows. It sounds like something straight out of a Skyrim mod where you can add Dark Souls in it but just like what Todd Howard said, “It just works.” No seriously, you can run Linux or Bash on…
We haven’t heard any news about Ryuk ransomware for some time but it seems its operators are back on track as the ransomware has been updated. The new variant is adding an IP address and computer blacklisting to skip the…
A new lucrative method for generating profits in digital currencies has been created and used for a while now. It is known as Digital Currency Mining, and everyone can participate in it. However, this type of profit generating via using…
A Chrome extension was just removed from the browser’s official Web Store because it was covertly hijacking search engine queries and taking users to suspicious search results. The extension in question is Youtube Queue, and it has been installed by…
Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability. This means that your Firefox browser needs to be patched immediately so that…
Avast researchers hacked a smart coffee maker “in all kinds of ways”. They even turned it into a ransomware tool and a gateway to a home network. The idea of this hacking project was to see how deep IoT vulnerabilities…
IBM researchers just discovered another serious zero-day vulnerability, this time impacting TP-Link Wi-Fi Extenders. The vulnerability (known as to CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware…
A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attacks. Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed…
The dangerous Houdini worm has been transformed into a new variant dubbed WSH Remote Access Tool (RAT). More specifically, the new malware is an iteration of the VBS-based Houdini also known as H-Worm, which first appeared back in 2013. The…
Security researchers discovered yet another Android Trojan that uses push notifications to trick users into subscribing to dubious sites. The Trojan is known under the Android.FakeApp.174 detection name. Android.FakeApp.174 In Detail Android.FakeApp.174 uses Google Chrome to load questionable websites that…
Tavis Ormandy, security researcher at Google’s Project Zero, has “noticed a bug in SymCrypt, the core library that handles all crypto on Windows.” The bug is a zero-day of the DoS (denial-of-service) type. The bug means that “basically anything that…
It is a known fact that vulnerabilities in medical devices can endanger the physical security of patients. Security researchers have discovered two new such vulnerabilities, one of which is critical and could allow full control of the medical device. The…
A new side-channel exploit against dynamic random-access memory (DRAM) has been discovered. The attack, which is dubbed RAMBleed allows malicious programs to read sensitive memory data from other processes running on the same hardware. RAMBleed has been identified as CVE-2019-0174.…
