Attackers are currently exploiting a critical vulnerability, indexed CVE-2017-5638, allowing them to obtain nearly absolute control over web servers used by banks, government agencies, and big Internet companies. The attacks were disclosed by Vicente Motos from Hack Players, who wrote…
One of biggest scandals of 2017, the one involving WikiLeaks and the CIA, is escalating by the minute. It is now known that one of the teams of the agency specializes in reusing bits of code and techniques taken from……
Another day, another breach. Brian Krebs just reported that Verifone, the largest manufacturer of credit card terminals in the US, is currently investigating a breach of its internal networks. These computer networks appear to have been limited to Verifone’s corporate…
Ransomware has been the primary online threat for the past couple of years, and it is expected to be just that in 2017. Let’s take a survey from June 2016 by Osterman Research, which revealed that almost one out of…
The last time we wrote about wiper malware was in December when Shamoon returned to the malware scene. Shamoon, a.k.a. Disstrack was initially detected about four years ago in attacks against Saudi Oil Company Aramco. Its intention was to wipe…
If you haven’t been infected by ransomware, ever, you are either very good at taking care of your data, or you have been incredibly lucky. Ransomware has been continuously evolving, and has become incredibly widespread thanks to the ransomware-as-a-service (RaaS)…
CVE-2017-0016, CVE-2017-0037, CVE-2017-0038 are three recently uncovered Microsoft vulnerabilities that bring to light once again the employment of Intrusion prevention system protection (IPS), as pointed out by TrendMicro researchers. IPS, also known as Virtual Patching, helps protect against vulnerabilities even…
Dridex, one of the worst banking Trojans to ever enter the financial malware scene, is back once again, and is in a better shape than before. New capabilities have been added to Dridex v4 which make it even more impossible…
Palo Alto researchers just discovered 123 Android apps located on Google Play that tried to infect users with… Windows malware. The apps were infected with “tiny hidden Iframes that link to malicious domains in their local HTML pages”. The most…
If you are a core Windows user, perhaps you’ve already heard about the new feature Microsoft just implemented in Windows 10. The novel feature blocks the installation of Win32 apps and restricts the OS to run just Windows Store apps.…
Sucuri researchers just came across a serious vulnerability that affects WordPress website databases. More particularly, a WordPress gallery plugin with more than 1 million active installations has been found to have a severe SQL injection flaw. The researchers say that:…
Are you a Windows user? If so, have you switched to Windows 10, or are you still running an older version of Microsoft’s operating system? According to new market share statistics by NetMarketShare, Windows 7 started growing again in February…
Another day, another vulnerability. Did you hear about the recently revealed remote code execution bug in all (except the latest) ESET Endpoint Antivirus 6 for macOS? The vulnerability in question has been identified as CVE-2016-9892. The vulnerability was discovered and…
Problems were reported with Google Chrome’s latest update. More particularly, Chromebook users were unable to reach the Internet. Chromebooks are primarily used in schools where the connection is protected by proxies like Symantec’s BlueCoat. In fact, the issue with the…
How about that? 2 million voice recordings of children and parents, together with e-mail addresses and passwords belonging to 800,000 accounts have been exposed. The reason? Insecure Internet-connected stuffed animal toys! Voice Recordings and Sensitive Data from Connected CloudPets Toys…
Google’s Project Zero reported to Microsoft a security bug in Edge and Internet Explorer 11 on November 25th, 2016, which still hasn’t been patched. The vulnerability, identified as CVE-2017-0037, would allow remote code execution where attackers could crash browsers and…
E2EMail, an experimental end-to-end encryption system developed by Google, was just made available for open-source usage. “E2EMail is not a Google product, it’s now a fully community-driven open source project, to which passionate security engineers from across the industry have…
In January 2017 the Federal Trade Commission started suing the Taiwanese router production company D-Link because of vulnerabilities in their Wi-Fi routing devices and web cameras. Those vulnerabilities could allow attackers to exploit the devices. Almost two months later, security…
After it was rebranded in 2016, Adwind, the famous remote access tool has been put to use once again. Attacks on more than 1,500 organizations have been reported, and at least 100 countries have been compromised, Kaspersky Lab report reveals.…
Hackers have been detected earlier this month to join almost every lobby in one of the biggest online competitive games out there – Counter Strike:Global Offensive. The hackers did not have any specific need, but a simple message they had…
