The RIPlace ransomware bypass technique, discovered by security researchers in November 2019, has now been implemented by the Thanos ransomware family. This is the first case of RIPlace being utilized by ransomware. The technique relies on just a few lines…
CVE-2020-13777 is a vulnerability in GnuTLS, a widely adopted, open source library that implements Transport Layer Security. The vulnerability has been present in the library for nearly two years, making resumed TLS 1.3 sessions vulnerable to attack. The vulnerability, introduced…
Security researchers have published their findings about a new attack that can hijack data from Intel CPUs. This technique illustrates a new approach that can be used to hack into computers that are running the company’s processors. It is called…
June 2020 Patch Tuesday is Microsoft’s biggest so far, containing fixes for 129 vulnerabilities. On the positive side, despite being the largest Patch Tuesday in the history of the company, it doesn’t include fixes for zero-day bugs, meaning that none…
Microsoft has released a security update in the .NET core system which fixes the CVE-2020-1108 issue detected in the framework. This was a critical problem that resulted in the ability to conduct Denial of Service (DoS) attacks which can be…
A new security report indicates that the KingMiner crypto-mining operation is back in the game with new attacks against MSSQL (Microsoft SQL) databases. Owners of such databases should secure their servers, as Sophos researchers detected brute-force attacks attempting to guess…
A severe vulnerability, known under the CVE-2020-12695, has been discovered in a core protocol in nearly all IoT devices – the Universal Plug and Play (UPnP) protocol. The flaw, dubbed CallStranger could allow attackers to take over IoT devices in…
Honda has become the latest victim of the Snake ransomware, a particularly dangerous file encrypting virus which bestows the Ekans extension to the affected files. The hacking group who has organized the attack campaign has been able to shut down…
An unknown hacking group is organizing a dangerous phishing campaign; infected CV files are being used as carriers of the Zloader banking Trojan. The data is placed inside Microsoft Excel which when run will install the malware and run it…
An unknown hacking group is behind a new dangerous threat which is called the USBCulprit malware. It is designed to silently infiltrate secured systems that are air-gapped — this means that they will not be connected to the external network.…
Computer hackers are utilizing a new malicious tactic attempting to trick end users into falling victims to a dangerous attack. This time the campaign is set against remote workers that work for well-known companies. The criminals are creating fake and…
Have you updated your Firefox browser? Mozilla just released security updates addressing eight vulnerabilities, five of which rated as high-risk. To be protected against the attacks, users should be running Firefox 77. If you haven’t restarted your Firefox browser in…
A new vulnerability in LG smartphones, CVE-2020-12753, was recently discovering, affecting models from the past seven years. A security update has been issued that addresses the vulnerability which impacts the bootloader component in LG smartphones. This component is separate from…
Google is the subject of a class action, and the accusations are regarding the invasion of the privacy of millions of users. The complaint, filed to the District Court of Northern California claims that Google is tracking users’ browsing and…
A warning was issued recently regarding phone calls from the so-called contact tracers. The phone calls supposedly alert people about having been in close proximity with potential carriers of COVID-19. In danger are particularly British people, TheRegister reported. Why British…
This week started with the discovery of a threat called Octopus Scanner which has been found in infected GitHub repositories. What we know is that it has been lurking on the cloud platform for several weeks now and it is…
A new Confiant report explores “the details behind a recent spree of website hacks” as well as the malicious payloads delivered to victims. The report also includes details on drive-by downloads, their current state in major browsers, and how they…
The largest free web hosting provider for dark web services has been hacked. Daniel’s Hosting was hacked in March this year, and its database was subsequently leaked online. Apparently, a hacker known as KingNull not only breached the portal and…
In April, security researcher Bhavuk Jain discovered a zero-day vulnerability in Sign in with Apple that affected third-party applications using the feature without implementing their own security measures. According to the researcher, the Apple zero-day “could have resulted in a…
A group of hackers is using the Hoaxcalls botnet in an ongoing infection campaign over the several months. This is a derivative threat based on the Gafgyt malware code and using several exploits targeting devices. HoaxCalls Botnet Delivered Using Dangerous…
