A Chrome extension was just removed from the browser’s official Web Store because it was covertly hijacking search engine queries and taking users to suspicious search results. The extension in question is Youtube Queue, and it has been installed by…
Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability. This means that your Firefox browser needs to be patched immediately so that…
Avast researchers hacked a smart coffee maker “in all kinds of ways”. They even turned it into a ransomware tool and a gateway to a home network. The idea of this hacking project was to see how deep IoT vulnerabilities…
IBM researchers just discovered another serious zero-day vulnerability, this time impacting TP-Link Wi-Fi Extenders. The vulnerability (known as to CVE-2019-7406) could lead to remote code execution attacks and affects TP-Link Wi-Fi Extender models RE365, RE650, RE350 and RE500 running firmware…
A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attacks. Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed…
The dangerous Houdini worm has been transformed into a new variant dubbed WSH Remote Access Tool (RAT). More specifically, the new malware is an iteration of the VBS-based Houdini also known as H-Worm, which first appeared back in 2013. The…
Security researchers discovered yet another Android Trojan that uses push notifications to trick users into subscribing to dubious sites. The Trojan is known under the Android.FakeApp.174 detection name. Android.FakeApp.174 In Detail Android.FakeApp.174 uses Google Chrome to load questionable websites that…
Tavis Ormandy, security researcher at Google’s Project Zero, has “noticed a bug in SymCrypt, the core library that handles all crypto on Windows.” The bug is a zero-day of the DoS (denial-of-service) type. The bug means that “basically anything that…
It is a known fact that vulnerabilities in medical devices can endanger the physical security of patients. Security researchers have discovered two new such vulnerabilities, one of which is critical and could allow full control of the medical device. The…
A new side-channel exploit against dynamic random-access memory (DRAM) has been discovered. The attack, which is dubbed RAMBleed allows malicious programs to read sensitive memory data from other processes running on the same hardware. RAMBleed has been identified as CVE-2019-0174.…
The Evernote Web Clipper For Chrome extension has been identified to contain a very dangerous flaw described in the CVE-2019-12592 advisory allowing for sensitive user data to be acquired. According to the released information the cause for this vulnerability is…
WordPress sites are being targeted by an unknown hacking group with a large-scale phishing attack. The security reports indicate that this is done so via a specially modeled scenario. Massive Spam Attack Hits WordPress Sites A recent security report reveals…
The BlueKeep Vulnerability which is tracked in the CVE-2019-0708 is actively used against hospitals and medical institutions. This is a dangerous flaw in the last versions of the Microsoft Windows operating system, including the embedded releases. Successful exploitation allows the…
A total of 88 vulnerabilities were fixed in Microsoft’s June Patch Tuesday. 22 of the flaws are rated critical, and four of the fixes addressed previously announced elevation of privileges zero-days. None of the flaws in this month’s share of…
A database containing 8.4 TB of email metadata was left exposed to the internet. The database belonged to a major Chinese research university. The good news is that it is now secured. While searching Shodan, security researcher Justin Paine, who…
The CVE-2019-2725 vulnerability which is exhibited in the Oracle WebLogic Server application was abused by hackers leading to Monero miner infections. Several security reports indicate that criminal groups are taking advantage of the bug and are set onto infecting as…
The popular Linux editors Vim and Neovim have been found to contain a very dangerous flaw which is tracked in the CVE-2019-12735 advisory. Its exploitation allows the hackers to execute arbitrary code on the affected operating system. The Vim and…
Malboard is a new sophisticated attack developed by security researchers at Israeli Ben-Gurion University of the Negev (BGU). The attack involves a compromised USB keyboard to generate and send malicious keystrokes that mimic user behavior. What makes this attack sophisticated…
Emails delivering malware is not news but this campaign deserves attention because it uses a previously patched exploit and requires zero interaction. An active malware campaign which is using emails in European languages distributes RTF files that carry the CVE-2017-11882…
Security researcher SandboxEscaper has released the details of CVE-2019-0841, another zero-day affecting Windows 10 and Windows Server 2019. The details have been published on GitHUb and are now available in the same account with the previously disclosed eight zero-days. The…
