Security researchers Aleksei Stennikov and Timur Yunusov recently unearthed vulnerabilities in two of the largest manufacturers of point-of-sale (PoS) devices – Verifone and Ingenico. The vulnerabilities presented during Black Hat Europe 2020 could have enabled cybercriminals to steal credit card…
CVE-2020-17049 is a Kerberos security feature bypass vulnerability that has now been weaponized by a proof-of-concept exploit code. The PoC code displays a new attack technique that can enable threat actors to access network-connected services. Such an attack can have…
Security researchers reported several critical flaws in a core networking library that powers Valve’s online gaming. The flaws could have enabled threat actors to crash games and gain control over third-party game servers remotely. Check Point discovered the vulnerabilities. First…
There is hardly a company that cannot be hacked, cybersecurity ones included. Moreover, even one of the most prominent cybersecurity firms in the world is susceptible to hacking. A state-sponsored actor recently targeted FireEye in a highly sophisticated attack that…
Security researchers reported that a new malicious service is enabling cybercriminals to improve their detection evasion mechanisms. Called obfuscation-as-a-service, the service shows how “robust the cybercriminal economy is,” as pointed out by DarkReading contributing author Ericka Chickowski. New obfuscation-as-a-service platform…
The latest target of cybercriminals is the international vaccine supply chain, IBM says. The researchers tracked a malicious campaign that targeted the delivery cold chain needed to keep COVID-19 vaccines at the right temperature during transportation. Since the attacks are…
A severe vulnerability for the Google Play Core Library was reported in Late August. Known as CVE-2020-8913, the flaw endangers many widely-used Android Apps such as Grindr, Cisco Teams, Microsoft Edge, Booking.com, Viber, OkCupid. New Check Point research reveals that…
Facial recognition during a coronavirus pandemic when most people are wearing masks is a hot topic in security. A new NIST (National Institute of Standards and Technology) study of face recognition technology created after the Covid-19 pandemic started reveals significant…
CVE-2020-9844 is an iOS security vulnerability disclosed by Google Project Zero Ian Beer. The now-patched critical wormable bug could enable remote hackers to gain complete control of nearby vulnerable devices over Wi-Fi. According to the official CVE description, CVE-2020-9844 is…
Apple users are at risk of new malware targeting macOS. Discovered by Trend Micro researchers, the campaign is connected to the OceanLotus hacking group, most likely associated with the Vietnamese government. The hacking group targets foreign organizations in Vietnam, such…
Another fine for Facebook for breaching users’ privacy in South Korea Facebook has been penalized for sharing user data without consent in South Korea. The fine is approximately $6 million, following a report by the Personal Information Protection Commission (PIPC).…
GitHub has fixed a severe security vulnerability, reported by Google Project Zero researchers about three months ago. The flaw affected GitHub’s Actions feature, a developer workflow automation tool, and was discovered by Felix Wilhelm. In the researcher’s own words, the…
The winter holidays are around the corner, and so is new skimming malware. Cybercriminals recently released campaigns distributing the Grelos malware, a common Magecart variant. Analyzed by RiskIQ researchers, this strain comprises a rehash of the original code first spotted…
Security researchers spotted a new piece of infostealing malware called Jupyter. The malware is a .NET infostealer that primarily targets Chromium, Firefox, and Chrome browser data, say Morphisec researchers. Jupyter Infostealer According to the research, the malware demonstrates many capabilities…
CVE-2020-26070 is a high-severity flaw in Cisco ISO XR software. The bug could allow unauthenticated, remote hackers to take advantage of Cisco Aggregation Services Routers known as ASR. CVE-2020-26070 in Detail The vulnerability resides in Cisco ISO XR software. The…
Kaspersky researchers recently discovered new ransomware targeting Linux systems. The team came across a 64-bit ELF executable designed to encrypt data on Linux-running machines. The analysis shows that the ransomware shares many similarities with a previously known family called RansomEXX.…
Android devices are prone to attacks carried out by a new banking Trojan. Dubbed Ghimob, the malware can spy and harvest data from 153 Android applications in countries such as Brazil, Paraguay, Peru, Portugal, Germany, Angola, and Mozambique. Security research…
Have you heard of Tianfu Cup? Tianfu Cup is China’s biggest hacking competition that also happens to give away some of the highest reward payments. In this year’s edition, several tech-giants were “pwned”, including names like Microsoft, Samsung, VMWare, Google,…
Security researchers recently detected a surge in attacks against Israeli companies. Some of the intrusions were carried out by well-known ransomware strains ReVil and Ryuk. However, a new ransomware was also spotted, the previously unknown Pay2Key. Previously Unknown Pay2Key Ransomware…
Apple recently released security fixes for iOS, iPadOS, watchOS, and macOS, addressing vulnerabilities reported by Google’s Project Zero. According to the company’s security advisories, three of the flaws were reported by Project Zero and are being exploited in the wild.…
