The fourth edition of the well-known Tianfu Cup hacking content took place during the weekend of October 17 and 17 in Chengdu. The competition was won by Kunlun Lab, a Chinese cybersecurity company. Kunlun Lab’s team got the monetary award…
A new vulnerability is lurking in unpatched versions of LibreOffice and OpenOffice, making it possible for hackers to manipulate documents to make them look like they have been signed by a trusted source. Even though the vulnerability (CVE-2021-41832 in OpenOffice…
NSA recently released a warning regarding a specific type of attack, known as the ALPACA technique. Shortly said, the Agency is warning network administrators of the risk of using “poorly scoped wildcard Transport Layer Security (TLS) certificates.” NSA’s guidance also…
Security researchers have uncovered a new, previously unseen malware family targeting Linux systems. Dubbed FontOnLake by ESET researchers, and HCRootkit by Avast and Lacework, the malware has rootkit capabilities, advanced design and low prevalence, suggesting that it is primarily meant…
There’s an issue with the popular open-source CAPTCHA software developed by MyBB. The platform is warning its users that the latest version of its software includes a CAPTCHA-breaking bug that could affect forum functionality. MyBB CAPTCHA Bug Explained MyBB is…
Security researchers just reported three security vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) in Axis video products, that could be exploited in various attacks against businesses. The flaws are located in Axis IP video surveillance systems and could allow arbitrary code execution. CVE-2021-31986,…
Apache just patched two security vulnerabilities (CVE-2021-41773 and CVE-2021-33193) in Apache HTTP Server 2.4.49, one of which important and the other one moderate. CVE-2021-41773 CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. There are…
Syniverse, a global company that provides technology and business services for a number of telecommunications companies, such as AT&T, T-Mobile, Verizon, Vodafone, and China Mobile, has been hacked. According to a “quiet disclosure” the company made, hackers have been inside…
Are you having trouble reaching Facebook, WhatsApp and Instagram? Don’t be shocked – even the most popular services suffer outages, and these three are no exclusion. Facebook, WhatsApp, Instagram Down All three platforms stopped working a few hours ago. According…
Windows 11 official launch is due tomorrow, October 5. Windows 10 users with eligible devices are presented with the option of a free upgrade. You can also buy a new computer with a pre-loaded Windows 11 operating system. But is…
The notorious Conti ransomware has been updated with an intriguing capability – destroying the victim’s backups. Conti ransomware hunts for Veeam privileged users and services According to a detailed report by Vitali Kremez and Yelisey Boguslavskiy of Advanced Intelligence, Conti…
Apple’s personal item-tracker devices, known as AirTag, can be exploited to deliver malware, cause clickjacking, steal user credentials and tokens, due to a zero-day XSS vulnerability. AirTag is an iPhone accessory that provides a private and secure way to easily…
A nefarious Android trojan, called GriftHorse and hidden in an agressive mobile premium services campaign has stolen hundreds of millions of Euros. The discovery comes from Zimperium zLabs researchers who discovered the trojan has been using malicious Android applications to…
CVE-2021-26084 is a vulnerability in Atlassian Confluence deployments across Windows and Linux. The flaw is critical, and has been exploited to deploy web shells causing the execution of cryptocurrency miners on vulnerable systems. CVE-2021-26084: Critical Atlassian Confluence Vulnerability According to…
Kaspersky’s Secure List researchers just released new findings regarding the infamous surveillance toolset known as FinSpy, FinFisher or Wingbird. Related: Flubot Android Spyware Delivered via Fake SMS Messages about Missed Package Delivery Deeper Look into FinSpy’s Capabilities The researchers have…
There’s a new backdoor in the wild attributed to the NOBELIUM threat actor, believed to be behind SUNBURST backdoor, TEARDROP malware, and “related components”. According to Microsoft Threat Intelligence Center (MSTIC), the so-called FoggyWeb is a post-exploitation backdoor. The NOBELIUM…
A new mobile banking Trojan has just surfaced. Called ERMAC, the malware appears to be coined by the BlackRock cybercriminals and is based on the roots of the infamous Cerberus. “If we investigate ERMAC, we can find out that ERMAC…
Google recently released an emergency patch for its Chrome browser that fixes a vulnerability with a known exploit in the wild. CVE-2021-37973 Actively Exploited in the Wild CVE-2021-37973 is a use after free vulnerability in Portals API, which is a…
Apple released updates for three zero-day flaws exploited in the wild. CVE-2021-30869, CVE-2021-30860, CVE-2021-30858 The first actively exploited zero-day flaw, CVE-2021-30869, has been fixed in updates for macOS Catalina and iOS 12. According to the official advisory, “a malicious application…
Twitter is expanding its Tip Jar (Tips) functionality with the option to send and receive funds using Bitcoin. Tips is meant to help users receive donations from followers, and is first being made available to iOS users. However, Android users…
