Security researchers detected a global, large-scale premium SMS campaign that leverages 151 malicious Android apps downloaded 10.5 million times. The end goal of the campaign, called UltimaSMS, is to trick users into premium subscription services without their knowledge or consent.…
Mozilla blocked two malicious Firefox add-ons installed by nearly half a million users. The extensions abused the Proxy API to obstruct updates to the browser. Related: The Great Suspender Chrome Extension Contains Malware Bypass and Bypass XM Extensions Obstruct Browser…
Truth Social is a new social media network allegedly being developed by Donald Trump. Trump Announces New Social Media Platform to Fight the Tyranny of Big Tech The former president announced on Wednesday the pending launch of the social network,…
CVE-2021-42299 is a new vulnerability in Microsoft Surface Pro 3 laptops. The flaw could enable attackers to introduce malicious devices within enterprise networks, compromising the device attestation mechanism. As explained by Microsoft, this mechanism helps confirm a device’s identity. It…
The Argentinian government’s IT network has been hacked. As a result, ID card details of the entire population of the country were stolen. The data is now being sold in “private circles,” The Record recently reported. Apparently, the hack of…
The fourth edition of the well-known Tianfu Cup hacking content took place during the weekend of October 17 and 17 in Chengdu. The competition was won by Kunlun Lab, a Chinese cybersecurity company. Kunlun Lab’s team got the monetary award…
A new vulnerability is lurking in unpatched versions of LibreOffice and OpenOffice, making it possible for hackers to manipulate documents to make them look like they have been signed by a trusted source. Even though the vulnerability (CVE-2021-41832 in OpenOffice…
NSA recently released a warning regarding a specific type of attack, known as the ALPACA technique. Shortly said, the Agency is warning network administrators of the risk of using “poorly scoped wildcard Transport Layer Security (TLS) certificates.” NSA’s guidance also…
Security researchers have uncovered a new, previously unseen malware family targeting Linux systems. Dubbed FontOnLake by ESET researchers, and HCRootkit by Avast and Lacework, the malware has rootkit capabilities, advanced design and low prevalence, suggesting that it is primarily meant…
There’s an issue with the popular open-source CAPTCHA software developed by MyBB. The platform is warning its users that the latest version of its software includes a CAPTCHA-breaking bug that could affect forum functionality. MyBB CAPTCHA Bug Explained MyBB is…
Security researchers just reported three security vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) in Axis video products, that could be exploited in various attacks against businesses. The flaws are located in Axis IP video surveillance systems and could allow arbitrary code execution. CVE-2021-31986,…
Apache just patched two security vulnerabilities (CVE-2021-41773 and CVE-2021-33193) in Apache HTTP Server 2.4.49, one of which important and the other one moderate. CVE-2021-41773 CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. There are…
Syniverse, a global company that provides technology and business services for a number of telecommunications companies, such as AT&T, T-Mobile, Verizon, Vodafone, and China Mobile, has been hacked. According to a “quiet disclosure” the company made, hackers have been inside…
Are you having trouble reaching Facebook, WhatsApp and Instagram? Don’t be shocked – even the most popular services suffer outages, and these three are no exclusion. Facebook, WhatsApp, Instagram Down All three platforms stopped working a few hours ago. According…
Windows 11 official launch is due tomorrow, October 5. Windows 10 users with eligible devices are presented with the option of a free upgrade. You can also buy a new computer with a pre-loaded Windows 11 operating system. But is…
The notorious Conti ransomware has been updated with an intriguing capability – destroying the victim’s backups. Conti ransomware hunts for Veeam privileged users and services According to a detailed report by Vitali Kremez and Yelisey Boguslavskiy of Advanced Intelligence, Conti…
Apple’s personal item-tracker devices, known as AirTag, can be exploited to deliver malware, cause clickjacking, steal user credentials and tokens, due to a zero-day XSS vulnerability. AirTag is an iPhone accessory that provides a private and secure way to easily…
A nefarious Android trojan, called GriftHorse and hidden in an agressive mobile premium services campaign has stolen hundreds of millions of Euros. The discovery comes from Zimperium zLabs researchers who discovered the trojan has been using malicious Android applications to…
CVE-2021-26084 is a vulnerability in Atlassian Confluence deployments across Windows and Linux. The flaw is critical, and has been exploited to deploy web shells causing the execution of cryptocurrency miners on vulnerable systems. CVE-2021-26084: Critical Atlassian Confluence Vulnerability According to…
Kaspersky’s Secure List researchers just released new findings regarding the infamous surveillance toolset known as FinSpy, FinFisher or Wingbird. Related: Flubot Android Spyware Delivered via Fake SMS Messages about Missed Package Delivery Deeper Look into FinSpy’s Capabilities The researchers have…
