Glupteba is a well-known cryptocurrency mining trojan operating that has been active for a few years. The mining operation has now been disrupted, thanks to a coordinated effort by Google and Cloudflare. According to Google’s announcement, the company “has taken…
A new malvertising campaign has been detected in the wild. The campaign’s purpose is tricking potential victims into executing fake software installers of popular programs, and eventually download an infostealer, a backdoor and a malicious Chrome extension. The discovery comes…
A new data stealing malware has been detected just in time for Christmas and all the related online shopping. It seems that the trend of data stealers directly compromising servers is continuing. CronRAT is another such server-side malware, which was…
CVE-2021-42367 is a security vulnerability in the “Variation Swatches for WooCommerce” WordPress plugin. The plugin, which works as WooCommerce extension, has more than 80,000 active installations. CVE-2021-42367 Vulnerability in Variation Swatches for WooCommerce Plugin The vulnerability could enable an attacker…
A new botnet, called EwDoor, was detected in the wild while performing DDoS attacks. The attacks were targeting an unpatched 4-year-old flaw (CVE-2017-6079) in Ribbon Communications EgdgeMarc appliances that belong to telecom providers AT&T. EwDoor was first detected on Ocboter…
Printing Shellz is the name of a new set of security vulnerabilities that affect 150 different HP multifunction printers (MFPs). The flaws could be leveraged to takeover exposed devices, steal sensitive information, and sneak into enterprise networks to lay the…
CVE-2021-24084 is an improperly patched Windows security vulnerability that could cause information disclosure and local privilege escalation. The flaw is located in the Windows Mobile Device Management component, and could grant unauthorized filesystem access and read arbitrary files. Another Improperly…
The ever-growing market value of cryptocurrency, now estimated at over $2.5 trillion, has been attracting cybercriminals over the years. The digital currency has been of great help in monetizing ransom payments, but has many more other sides that are lucrative…
What Is CronRAT? CronRAT is a new sophisticated malware threat of the remote access trojan type, discovered just before this year’s Black Friday. The malware is packed with previously unseen stealth capabilities. It hides in the Linux calendar system on…
CVE-2021-41379 is an elevation-of-privilege vulnerability which Microsoft fixed earlier this month. However, it turns out that there is another, “more powerful” variant, discovered by security researcher Abdelhamid Naceri. He came across a Windows Installer EoP flaw patched by Microsoft several…
Widely used Taiwanese MediaTek system-on-chips (SoCs) contain multiple vulnerabilities, according to Check Point researchers. The chips are deployed in approximately 37% of all smartphones and IoT devices worldwide, including models by Xiaomi, Oppo, Realme, Vivo. Widely Used MediaTek SoCs Contain…
Another enormous cybersecurity incident has hit domain registrar GoDaddy. The large-scale data breach is the fifth “injury” the company has had since 2018. This time, 1.2 million GoDaddy customers were affected, after an unauthorized third-party successfully infiltrated its systems on…
A new research reveals that approximately 6 million Sky routers were vulnerable to a DNS rebinding vulnerability that allowed a customer’s home network to be compromised from the internet. The discovery comes from Ten Pest Partners. The researchers didn’t announce…
A new phishing scam targeting TikTok users has been detected. The scammers’ purpose was to try to takeover more than 125 high-profile users accounts on the platform. This is believed to be the first major phishing attack on TikTok influencers.…
Has Emotet been resurrected? It seems that the notorious malware is back for Christmas. Months after the malware was dismantled by law enforcement, security researcher Luca Ebach sees signs of Emotet usage in the wild. His report indicates that TrickBot…
SharkBot is a new Android trojan (and botnet) capable of accessing various features on breached devices to obtain credentials related to banking and cryptocurrency platforms. Users in Italy, the U.K. and the U.S. have been targeted so far. The Android…
A recently conducted analysis sheds new light on website fingerprinting (WF) attacks on Tor. Website Fingerprinting Attacks on Tor According to a team of academics (Giovanni Cherubin of Alan Turing Institute, Rob Jansen of U.S. Naval Research Laboratory, and Carmela…
CVE-2021-34484 is a Microsoft security vulnerability, originally patched in August but now exploitable with a patch bypass. The vulnerability could allow local privilege escalation from a regular user to System. It was discovered by security researcher Abdelhamid Naceri. Related: Windows…
A new Linux wormable botnet has been observed in the wild. Called Abcbot, the threat is targeting “relatively new cloud service providers (CPSs) with cryptocurrency-mining malware and cryptojacking attacks,” according to Trend Micro’s findings. The malware deploys code that removes…
Security researchers from Cybereason shed new light into the workings of TrickBot. TrickBot and Shathak Threat Groups Join Forces According to the latest findings, the threat actors behind the TrickBot trojan, known as Wizard Spider, are currently working together with…
