Two out-of-band security updates addressing the CVE-2020-17022 and CVE-2020-17023 vulnerabilities were just released. The two flaws could trigger remote code execution in Microsoft Windows Codecs Library and Visual Studio Code. As both flaws are rated as important in severity, you…
A critical security vulnerability was patched in Windows in October 2020’s Patch Tuesday. CVE-2020-16898 is a flaw discovered in IPv6 Router Advertisement Options also known as DNS RA options. The flaw resides in Windows TCP/IP stack, responsible for handling RA…
Have you ever wondered how much does access to a compromised network cost? A new report reveals that initial network access price has tripled in September in comparison with August. Initial network access is what gets malicious hackers inside an…
A new strain of Android ransomware is currently circling the web. Called MalLocker.B, the ransomware is a known threat that has re-appeared with new techniques. Some of them include a new way to display the ransom note and an obfuscation…
Threat actors have found an efficient method to breach government networks. By combining VPN and Windows vulnerabilities, they have gained access to state, local, tribal, and territorial government networks. The information comes from a security alert published by FBI and…
Facebook just launched a unique loyalty program called Hacker Plus for the company’s bug bounty platform. This loyalty program is the first of its kind for a technology giant. Similar loyalty programs have been launched by airlines and hotels. Hacker…
Security researchers just uncovered a new fileless attack that exploits Microsoft Windows Error Reporting (WER). The hacking group behind the so-called Kraken attack is yet to be identified. Security researchers Hossein Jazi and Jérôme Segura say that the attack relies…
Security researchers recently discovered a new UEFI attack, where a compromised UEFI firmware image contained a malicious implant. Part of a malware framework called MosaicRegressor, the attack compromised victims with ties to North Korea between 2017 and 2019. Unified Extensible…
Ransomware continues to be a top threat to both home and enterprise users. Fortunately, security researcher Florian Roth just released a ransomware vaccine. Called Raccine, the tool monitors for the deletion of shadow volume copies, which ransomware typically wipes out.…
Microsoft developed a new tool to enable system admins to update the Defender package within Windows installation images (WIM or VHD). The tool serves enterprises where administrators utilize installation images to service workstations and servers. These images may be reused…
An unknown hacking group is leveraging a previously-unknown malware called Ttint which is categorized as an IoT-specific Trojan. What we know is that the hacker developers are using two zero-day vulnerabilities to intrude onto the target devices. The security analysis…
A UK government report indicates a flaw of national significance in Chinese company Huawei. The Huawei Cyber Security Evaluation Centre (HCSEC) was set up by the UK government and the tech company to evaluate equipment meant for UK networks. HCSEC…
GitHub is getting a new feature that will inform the platform’s users about security flaws in their code. The feature is called Code Scanning, and it is available for both free and paid user accounts. The feature was first announced…
Security researchers detected a dangerous and widespread attack against companies in Russia, the hacking group behind is known as OldGremlin. The targets are prolific companies in different sectors, and the hackers appear to be using different ransomware and related malware…
Microsoft has been pushing Windows users towards its Edge Browser and Bing search engine. Unfortunately, a new security report reveals that a back-end server associated with Bing has exposed sensitive data belonging to users of the mobile application. Bing Associated…
A new vulnerability in Mozilla Firefox for Android was just discovered. The vulnerability was made public by security researcher Lukas Stefanko who disclosed it in a Twitter alert. The vulnerability is high-risk and it can lead to remote code execution.…
A new dangerous attack campaign has been detected by security researchers involved in the distribution of the MrbMiner malware which is programmed to infect MSSQL databases. They are part of enterprise and company sites and are used to contain sensitive…
Here comes a new major, massive vulnerability that affects billions of devices, including smartphones, tablets, laptops, and IoT appliances. Dubbed BLESA, OR Bluetooth Low Energy Spoofing Attack, the flaw affects devices that run the Bluetooth Low Energy protocol, shortly known…
Computer security researchers have detected a new massive SPAM campaign which has received the code name ‘Salfram’ and targets primarily business users and companies. Several hacking groups are behind the attacks and depending on the current configuration various malware are…
Microsoft is not giving up on pushing its Edge browser to Windows users, and another mandatory update proves that. Despite adopting the Chromium engine, the company doesn’t want you to use Chrome or any other browser, and just released a…
