A new side-channel exploit against dynamic random-access memory (DRAM) has been discovered. The attack, which is dubbed RAMBleed allows malicious programs to read sensitive memory data from other processes running on the same hardware. RAMBleed has been identified as CVE-2019-0174.…
The Evernote Web Clipper For Chrome extension has been identified to contain a very dangerous flaw described in the CVE-2019-12592 advisory allowing for sensitive user data to be acquired. According to the released information the cause for this vulnerability is…
WordPress sites are being targeted by an unknown hacking group with a large-scale phishing attack. The security reports indicate that this is done so via a specially modeled scenario. Massive Spam Attack Hits WordPress Sites A recent security report reveals…
The BlueKeep Vulnerability which is tracked in the CVE-2019-0708 is actively used against hospitals and medical institutions. This is a dangerous flaw in the last versions of the Microsoft Windows operating system, including the embedded releases. Successful exploitation allows the…
A total of 88 vulnerabilities were fixed in Microsoft’s June Patch Tuesday. 22 of the flaws are rated critical, and four of the fixes addressed previously announced elevation of privileges zero-days. None of the flaws in this month’s share of…
A database containing 8.4 TB of email metadata was left exposed to the internet. The database belonged to a major Chinese research university. The good news is that it is now secured. While searching Shodan, security researcher Justin Paine, who…
The CVE-2019-2725 vulnerability which is exhibited in the Oracle WebLogic Server application was abused by hackers leading to Monero miner infections. Several security reports indicate that criminal groups are taking advantage of the bug and are set onto infecting as…
The popular Linux editors Vim and Neovim have been found to contain a very dangerous flaw which is tracked in the CVE-2019-12735 advisory. Its exploitation allows the hackers to execute arbitrary code on the affected operating system. The Vim and…
Malboard is a new sophisticated attack developed by security researchers at Israeli Ben-Gurion University of the Negev (BGU). The attack involves a compromised USB keyboard to generate and send malicious keystrokes that mimic user behavior. What makes this attack sophisticated…
Emails delivering malware is not news but this campaign deserves attention because it uses a previously patched exploit and requires zero interaction. An active malware campaign which is using emails in European languages distributes RTF files that carry the CVE-2017-11882…
Security researcher SandboxEscaper has released the details of CVE-2019-0841, another zero-day affecting Windows 10 and Windows Server 2019. The details have been published on GitHUb and are now available in the same account with the previously disclosed eight zero-days. The…
CVE-2019-10149 is a critical security vulnerability in the Exim mail transfer agent (MTA) software. The flaw is located in Exim versions 4.87 to 4.91 included, and is described as improper validation of recipient address in deliver_message() function in /src/deliver.c which…
GoldBrute is the name of a new botnet which is currently scanning the internet and attempting to locate poorly protected Windows machines with RDP (Remote Desktop Protocol) connection enabled. The botnet was discovered by security researcher Renato Marinho of Morphus…
An unknown hacking group may have breached the Microsoft Outlook support agent service in a recent attack against the company. This has allowed the hackers to gain sensitive data about the users on the email platform — they were able…
A new report by Bromium titled Behind the Dark Net Black Mirror offers a detailed analysis of the dark net markets. The report has been carried out by Dr. Michael McGuire who will present his findings in full during the…
An unknown hacking collective is behind a massive phishing attack that involves the creation of a fake Cryptohopper website. This is a very popular cryptocurrency trading platform which is used by thousands of users. Any interaction with any of them…
Check Point security researchers revealed multiple critical vulnerabilities in a popular IPTV platform called Ministra. The vulnerabilities could allow attackers to bypass authentication and obtain users’ information. The impact of the vulnerabilities could be quite devastating. The research shows that…
The well-known RIG exploit kit is currently distributing the Buran ransomware, which is a version of Vega (VegaLocker) ransomware. A security researcher known as nao_sec was the first to notice a malvertising campaign redirecting users to the RIG EK which…
Ayoub Fathi, a security researcher has uncovered a dangerous Shopify API vulnerability that allows criminals to hijack a lot of sensitive information from online stores. The problem appears to lie in the API used by the system which is designed…
A new extensive research paper titled “Improving Vulnerability Remediation Through Better Exploit Prediction” reveals the number of discovered vulnerabilities in the past ten years (between 2019 and 2018), and also shares the percentage of actively exploited flaws. Surprisingly, only 4,183…
