CVE-2017-8917 is a Joomla vulnerability just disclosed by Sucuri researchers. During regular search audits, the researchers discovered an SQL injection flaw affecting Joomla! 3.7. The flaw is easily exploitable as it doesn’t require a privileged account on the target’s site.…
Eugene Kaspersky, the CEO of Kaspersky Inc. has offered a very interesting AMA (Ask me Anyithing) on Reddit forums from which some interesting details about the future of the company and cyber-security were revealed. We were able even briefly to…
Security researchers at Proofpoint just revealed that there’s been another attack that used the same exploits deployed in the WannaCry global ransomware outbreak. More particularly, Proofpoint’s Kafeine researcher says that the EternalBlue exploit has been used together with a backdoor…
Malware researchers have detected that The Shadow Brokers, the group that released the “WannaCry Exploits”, have made a statement recently that more zero-day bugs are about to be released along with classified information. The hackers have not specified what exactly…
WordPress is one of the platforms that often fall victims to malicious attacks. Fortunately, the company has decided to join the bug bounty initiative, now embraced by multiple organizations in their attempt to confront cybercrime. Security researchers who come across…
Irfan Shakeel is an engineer, penetration tester, a security researcher who has dedicated his career to securing information through quality education. Irfan is the founder of ehacking.net and the EH Academy where people interested in programming, penetration testing, wireless and…
The WannaCry (.WNCRY, Wana Decrypt0r 2.0) ransomware outbreak is definitely the scariest cybersecurity event of 2017. So far. The ransomware has compromised the systems of Telefonica in Spain, as well as multiple hospitals in the UK. It has also been…
Are you the owner of an HP laptop? Then read carefully. Security researchers from security firm Modzero came across a built-in keylogger in an HP audio driver while examining Windows Active Domain infrastructure. “Security reviews of modern Windows Active Domain…
ASUS RT wireless router owners, beware! If you haven’t updated your router’s firmware, you should do it immediately. Nightwatch Cybersecurity researchers have found vulnerabilities, CVE-2017-5891 and CVE-2017-5892, in these routers. The team has revealed the POC exploit code for the…
A researcher has found multiple vulnerabilities in Wireless IP Camera (P2P) WIFICAM cameras and also flaws in custom HTTP server. More specifically, more than 100,000 Internet-connected cameras are prone to attacks by a new IoT malware dubbed Persirai. The malware…
Cumulative updates often cause headaches. Microsoft just rolled out May 2017’s Patch Tuesday, so let’s see how smooth things are going. The majority of users say that they experienced zero issues installing the cumulative updates. But there are still people…
Just this morning, we wrote about the “worst Windows remote code exec in recent memory” discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich. The terrifying bug is now made public and has been identified as CVE-2017-0290. The…
Phishing scams started around the late 90’s, and have continuously evolved since. The latest forms of phishing include the traditional phishing, spear phishing, CEO frauds, and Business Email Compromise (BEC). One of the worst outcomes of phishing is the ransomware…
Researchers Tavis Ormandy and Natalie Silvanovish from Google Project Zero have discovered and reported a remote code execution vulnerability in Windows. This bug is in fact the “worst Windows remote code exec in recent memory”. The researchers also described the…
The Continuous Growth of BEC Scams Demonstrated in the Latest FBI Report BEC (Business Email Compromise) scams have grown to the staggering rate of 2,370 percent in the last couple of years, as reported by the FBI. The latest FBI…
Signaling System No. 7 known as SS7 has been exploited by hackers in attacks designed to steal money from victims’ online bank accounts. SS7 is a set of telephony signaling protocols developed in 1975, which is used to set up…
Have you heard of ultrasonic tracking? You may not be aware of it but it doesn’t mean you aren’t subjected to it. As discovered by researchers at Technische Universit at Braunschweig Brunswick, Germany, more and more Android applications are listening…
A new report by Neustar shows that DDoS attacks are quite expensive and cost organizations more than $2.5 million in revenue. Barret Lyon, Head of Research and Development at Neustar, called these attacks “the zeitgeist of today’s Internet”, and highlighted…
News broke out that Microsoft has made it so that their newer lighter version will have Edge set as a default browser permanently. However, it is possible to download an alternative web browser, so do not be hasty in your…
A new report by DomainTools reveals the names of the retail companies that are the most frequent victims of phishing. These brands are abused by scammers who create look-alike domains to harvest users’ details. According to the researchers, brands like…
