The Slackor RAT is a tool developed primarily for security researchers allowing for malicious actors to use Slack as a server backend. In real-world scenarios it can also be utilized by hackers in large-scale attacks. This can be extremely dangerous…
Sucuri researchers just reported that someone got in touch with them regarding “a malicious process they had discovered running on their web server”. The process in question was quite heavy on the CPU, pointing to a cryptominer process running in…
Linux. On Windows. It sounds like something straight out of a Skyrim mod where you can add Dark Souls in it but just like what Todd Howard said, “It just works.” No seriously, you can run Linux or Bash on…
We haven’t heard any news about Ryuk ransomware for some time but it seems its operators are back on track as the ransomware has been updated. The new variant is adding an IP address and computer blacklisting to skip the…
A new lucrative method for generating profits in digital currencies has been created and used for a while now. It is known as Digital Currency Mining, and everyone can participate in it. However, this type of profit generating via using…
A Chrome extension was just removed from the browser’s official Web Store because it was covertly hijacking search engine queries and taking users to suspicious search results. The extension in question is Youtube Queue, and it has been installed by…
Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability. This means that your Firefox browser needs to be patched immediately so that…
Avast researchers hacked a smart coffee maker “in all kinds of ways”. They even turned it into a ransomware tool and a gateway to a home network. The idea of this hacking project was to see how deep IoT vulnerabilities…
IBM researchers just discovered another serious zero-day vulnerability, this time impacting TP-Link Wi-Fi Extenders. The vulnerability (known as to CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware…
A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attacks. Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed…
The dangerous Houdini worm has been transformed into a new variant dubbed WSH Remote Access Tool (RAT). More specifically, the new malware is an iteration of the VBS-based Houdini also known as H-Worm, which first appeared back in 2013. The…
Security researchers discovered yet another Android Trojan that uses push notifications to trick users into subscribing to dubious sites. The Trojan is known under the Android.FakeApp.174 detection name. Android.FakeApp.174 In Detail Android.FakeApp.174 uses Google Chrome to load questionable websites that…
Tavis Ormandy, security researcher at Google’s Project Zero, has “noticed a bug in SymCrypt, the core library that handles all crypto on Windows.” The bug is a zero-day of the DoS (denial-of-service) type. The bug means that “basically anything that…
It is a known fact that vulnerabilities in medical devices can endanger the physical security of patients. Security researchers have discovered two new such vulnerabilities, one of which is critical and could allow full control of the medical device. The…
A new side-channel exploit against dynamic random-access memory (DRAM) has been discovered. The attack, which is dubbed RAMBleed allows malicious programs to read sensitive memory data from other processes running on the same hardware. RAMBleed has been identified as CVE-2019-0174.…
The Evernote Web Clipper For Chrome extension has been identified to contain a very dangerous flaw described in the CVE-2019-12592 advisory allowing for sensitive user data to be acquired. According to the released information the cause for this vulnerability is…
WordPress sites are being targeted by an unknown hacking group with a large-scale phishing attack. The security reports indicate that this is done so via a specially modeled scenario. Massive Spam Attack Hits WordPress Sites A recent security report reveals…
The BlueKeep Vulnerability which is tracked in the CVE-2019-0708 is actively used against hospitals and medical institutions. This is a dangerous flaw in the last versions of the Microsoft Windows operating system, including the embedded releases. Successful exploitation allows the…
A total of 88 vulnerabilities were fixed in Microsoft’s June Patch Tuesday. 22 of the flaws are rated critical, and four of the fixes addressed previously announced elevation of privileges zero-days. None of the flaws in this month’s share of…
A database containing 8.4 TB of email metadata was left exposed to the internet. The database belonged to a major Chinese research university. The good news is that it is now secured. While searching Shodan, security researcher Justin Paine, who…
