A new spear phishing campaign leveraging LinkedIn users is using fake job offers to lure potential victims. The payload of the malicious operation is the more_eggs backdoor controlled by the Golden Chicken hackers. According to eSentire security researchers, the phishing…
Have you changed your Facebook password lately? If you haven’t, you may want to change it – security researchers reported a massive data breach exposing the phone numbers and personal details of millions of users. The exposed data consists of…
Security researchers reported vulnerabilities in several legacy models of QNAP network attached storage devices. These devices are prone to remote unauthenticated attacks due to two zero-day flaws – CVE-2020-2509 and CVE-2021-36195. According to SAM’s security research team, QNAP TS-231’s latest…
Is your online privacy respected by large tech companies? Not so much! Both Google’s Pixel and Apple’s iPhone are siphoning mobile device data without the users’ consent. According to researcher Douglas Leith from Trinity College, both iOS and Android transmit…
Cybercriminals constantly reinvent themselves and their hacking approaches. One of the latest “innovations” in the world of cyber scamming focuses on cybercrooks targeting cybersecurity researchers. Cybercrooks posing as cybersecurity researchers… targeting cybersecurity researchers “In January, the Threat Analysis Group documented…
The official PHP Git server was recently compromised in a software supply chain attack. The attackers pushed unauthorized updates to implant a backdoor in the server’s source code. PHP Git Server Cyberattack: What Should You Know? “Yesterday (2021-03-28) two malicious…
CVE-2020-11261 is a new dangerous vulnerability in Android devices. The vulnerability affects Qualcomm chipsets and their Graphics component in an issue called “improper input validation.” CVE-2020-11261: Some Details If exploited successfully, the flaw could cause memory corruption when a malicious…
Security researchers are warning of a new malware piece specifically targeting iOS developers. Known as XcodeSpy, the malware is a trojanized version of a legitimate app. XcodeSpy: Trojanized Xcode Project Targeting iOS Developers Sentinel Labs researchers recently became aware of…
New security reports indicate the emergence of new Mirai botnets exploiting specific vulnerabilities to target IoT devices. The attacks are ongoing, trying to download a malicious shell script with further infection outcomes, such as the execution of Mirai variants and…
Are you a proud owner of an iPhone or iPad? You should know that it is highly likely for Apple to change how it delivers security updates to these devices. Specific code detected in iOS 14.5 indicates that Apple is…
New analysis indicates that a well-known security vulnerability in Microsoft Office is still exploited by threat groups. The vulnerability in question is CVE-2017-11882, a memory corruption flaw in Microsoft Office Equation Editor, first discovered in December 2017. The exploit allows…
If you haven’t recently checked what version of Google Chrome you are using, you should definitely check. Google recently addressed another actively exploited zero-day vulnerability in its browser, CVE-2021-21193. This is the second time Google releases such an update within…
It seems that there’s a wave of iOS and macOS vulnerabilities being uncovered by security researchers. The latest one concerns Automatic Call Recorder, an iOS call recording application which contained a bug that could give access to users’ conversations. The…
A new vulnerability affecting iOS, macOS, watchOS, and Safari browser was recently detected by security researchers. Apple has already released a fix for the bug, CVE-2021-1844. CVE-2021-1844 in iOS, macOS, watchOS The vulnerability was discovered by two researchers: Clément Lecigne…
A new warning concerning the Linux community was just released. Avoid the First Release Candidate of Linux Kernel 5.12, Linus Torvalds Warns According to Linus Torvalds, open-source developers should avoid the first release candidate of Linux kernel 5.12. Even though…
During last year’s Data Privacy Day (January 27th, 2021), Apple shared its initiative “A Day in the Life of Your Data”. The document presented detailed information of how data is being collected from users, and how data brokers generally operate.…
The infamous Ryuk ransomware has received an important update, equipping it with a new work-like capability. The capability allows the ransomware to spread across compromised networks, making it even more dangerous. Ryuk ransomware updated with new worm-like capability The Ryuk…
Microsoft recently addressed four zero-day vulnerabilities in its Exchange email server. The flaws’ impact is quite alarming, as the Exchange platform is one of the most popular in enterprise infrastructure. Moreover, Microsoft believes the flaws were actively exploited by a…
Amazon Alexa’s users should be aware of a new vulnerability in the voice assistant skill vetting process. Vulnerabilities in Alexa Skill Ecosystem The loopholes could allow threat actors to publish a deceptive skill under any arbitrary developer name. They could…
A privacy bug related to the built-in Tor mode was recently patched in Brave browser. The bug was spotted by bug hunter known as xiaoyinl, and reported to Brave via its HackerOne bug bounty program. Brave Browser’s built-in Tor mode…
