Operation SignSight is a new supply chain attack targeted against Vietnamese private companies. SignSight attackers are smart, aiming to embed malware inside an official government software toolkit. SignSight attacks aimed against the Vietnam Government Certification Authority The attack discovered and…
Two critical vulnerabilities (CVE-2020-29491 and CVE-2020-29492) with CVSS score of 10 were discovered in specific Dell Wyse this client devices. The vulnerabilities could be exploited in remote code execution attacks to access files on compromised devices, and were reported by…
Apparently high-profile state-sponsored cyberattacks continue to be carried out without disturbance. According to news reports, a dangerous attack against Al Jazeera journalists was done by using an iPhone spyware utility that has been used by an advanced hacking group. From…
The Black Kingdom ransomware developers have been detected to attempt a new strategy in spreading the dangerous malware, this time by creating virus-infected and fake Cyberpunk 2077 related files. This comes at the same time as the release of a…
Sophos security researchers just released new information regarding the SystemBC tool used in multiple ransomware attacks. Similar approaches in how the tool is used could mean one or more ransomware-as-a-service affiliates deployed it. SystemBC is a backdoor providing persistent connection…
Is 5G dangerous? This question definitely has more than one connotation, but we are going to look at the cybersecurity risks it could pose. Security analysis recently revealed several potential weaknesses in 5G that could be exploited in denial-of-service (DoS)…
The dangerous Sunburst Trojan, believed to be linked to a Russian hacking group, has been stopped by a joint kill switch devised by a team of specialists from Microsoft, GoDaddy, and FireEye. This was reported in the security community after…
We advise you to check whether you’re running the latest version of the Firefox browser. Mozilla just fixed several vulnerabilities, one critical and several high-severity. The update is included in Firefox version 84, and it also boosts Firefox’s performance adding…
Security researchers recently uncovered Gitpaste-12, a new worm using GitHub and Pastebin for keeping component code. The new malware has 12 different attack modules available, says security firm Juniper. Gitpaste-12 Worm targeting Linux-based x86 servers The Gitpaste-12 worm became evident…
Medical data consists of highly sensitive personal and health details. If it is openly available to anyone, medical data can be abused in many ways. Unfortunately, we have seen plenty of medical breaches, and the trend continues. The Report: 45…
If you hear that a dataset of 20 million malware samples is now available online, how would that make you feel? Maybe worried? The truth is that such a dataset is now accessible to the public, but as a part…
Security researchers Aleksei Stennikov and Timur Yunusov recently unearthed vulnerabilities in two of the largest manufacturers of point-of-sale (PoS) devices – Verifone and Ingenico. The vulnerabilities presented during Black Hat Europe 2020 could have enabled cybercriminals to steal credit card…
CVE-2020-17049 is a Kerberos security feature bypass vulnerability that has now been weaponized by a proof-of-concept exploit code. The PoC code displays a new attack technique that can enable threat actors to access network-connected services. Such an attack can have…
Security researchers reported several critical flaws in a core networking library that powers Valve’s online gaming. The flaws could have enabled threat actors to crash games and gain control over third-party game servers remotely. Check Point discovered the vulnerabilities. First…
There is hardly a company that cannot be hacked, cybersecurity ones included. Moreover, even one of the most prominent cybersecurity firms in the world is susceptible to hacking. A state-sponsored actor recently targeted FireEye in a highly sophisticated attack that…
Security researchers reported that a new malicious service is enabling cybercriminals to improve their detection evasion mechanisms. Called obfuscation-as-a-service, the service shows how “robust the cybercriminal economy is,” as pointed out by DarkReading contributing author Ericka Chickowski. New obfuscation-as-a-service platform…
The latest target of cybercriminals is the international vaccine supply chain, IBM says. The researchers tracked a malicious campaign that targeted the delivery cold chain needed to keep COVID-19 vaccines at the right temperature during transportation. Since the attacks are…
A severe vulnerability for the Google Play Core Library was reported in Late August. Known as CVE-2020-8913, the flaw endangers many widely-used Android Apps such as Grindr, Cisco Teams, Microsoft Edge, Booking.com, Viber, OkCupid. New Check Point research reveals that…
Facial recognition during a coronavirus pandemic when most people are wearing masks is a hot topic in security. A new NIST (National Institute of Standards and Technology) study of face recognition technology created after the Covid-19 pandemic started reveals significant…
CVE-2020-9844 is an iOS security vulnerability disclosed by Google Project Zero Ian Beer. The now-patched critical wormable bug could enable remote hackers to gain complete control of nearby vulnerable devices over Wi-Fi. According to the official CVE description, CVE-2020-9844 is…
