CVE 2019-1166 and CVE-2019-1338 are two vulnerabilities in Microsoft’s NTLM authentication protocol which were discovered by Preempt researchers. Fortunately, both flaws were patched by Microsoft in October 2019 Patch Tuesday. Attackers could exploit the flaws to achieve full domain compromise.…
iTerm2, a well-known open-source terminal emulator macOS app, has been found vulnerable to e critical flaw, which is known as CVE-2019-9535. The flaw was discovered during an audit sponsored by Mozilla, the company behind the Firefox browser. As for the…
SVE-2019-15435 is one of 21 vulnerabilities in Samsung devices which affect Galaxy S8, S9, S10, S10e, S10 Plus, S10 5G, Note 9, Note 10 and Note 10 Plus users. SVE-2019-15435 in particular is a critical issue, which is described as…
Webroot has released a new threat report which sums up what has been happening in the malware sector so far in 2019. The report is described as a “mid-year update to the annual Webroot Threat Report” and it showcases data…
A dangerous new hacking collective known as Mustang Panda is leveraging macro-infected documents to target users worldwide. The large-scale campaign appears to be against both public and private sectors. At the moment there is no information available about the intentions…
Hacking groups have been found to use outdated VPN software and specific exploits found in them to spy on the victims. This is according to several reports from government security agencies. This is particularly dangerous as the criminal collectives can…
LiLocked ransomware, also known as LiLu, is once again active in campaigns, this time affecting thousands of web servers. This is a new strain of the LiLocked ransomware which we wrote about in July this year. LiLocked Ransomware Currently Targeting…
Are you holding an Android device in your hands? Perhaps you are reading this article on your Android phone? Android appears to be the most popular mobile operating system. In fact, in the second quarter of 2018, 88 percent of…
A security team of experts have discovered a new generation of malware that is created by the Turla hacking group and is called the Reductor Trojan. According to the available research it is a successor to the already released COMpfun…
Android applications are constantly acquiring user data without the users knowing about this process. According to a recent study a large part part of software installed on devices running Google’s operating system can harvest sensitive data without notifying or asking…
Remember CVE-2019-16759, the vBulletin vulnerability which was found to affect hundreds of thousands of internet forums? The bug has been exploited in attacks. What is worse, it was leveraged to steal data from Flirtsexchat. As the name suggest, Flirtsexchat is…
One of the malware phenomena that is rapidly expanding is the Geost Android botnet which is reported to have gained the size of more than 800,000 hosts, most of them in Russia. The end goal of the botnet is to…
A Yahoo employee has been found guilty of hacking the inboxes of 6,000 users of the company’s service. The engineer invaded the privacy of the users in order to look for private sexual content belonging to the users — both…
There’s a new iOS exploit that affects all iOS devices running on A5 to A11 chipsets. The exploit is dubbed checkm8 and it was discovered by a researcher known as axi0mx. The checkm8 Exploit Explained The checkm8 exploit leverages vulnerabilities…
There’s a new trend in the black market, and it’s known as disinformation-as-a-service. Security researchers report that underground forums where malware is typically sold are know offering the so-called commercial disinformation services. Cybercriminals are now offering their services to create…
PDFex is the name of a new type of attack that is built by German researchers from several universities, to prove that the PDF encryption is quite vulnerable. PDFex was tested against 27 desktop and web PDF viewers, such as…
A number of high-severity vulnerabilities were unearthed in Cisco IOS and IOS XE network automation software. One of the flaws affects the company’s industrial and grid routers, making the impact incomprehensible. Severe Cisco IOS and IOS XE Vulnerabilities Discovered According…
Ransomware has been known to leverage various known vulnerabilities to gain access to systems. Some vulnerabilities are more common in ransomware attacks, so security researchers at RiskSense decided to analyze the most common ones which are used across multiple families…
An unknown hacking group which is suspected to originate from China has been found to launch a massive attack globally using a Trojanized version of the Narrator service with the PcShare malware. This is particularly dangerous as the ongoing campaign…
Cybercriminals appear to be working on a new way to steal payment card data. According to IBM security researchers, a group of hackers is currently developing malicious scripts to use against commercial-grade Layer 7 (L7) routers. This would entirely change…
