Google security researcher Matthew Garrett discovered a zero-day vulnerability in TP-Link SR20 Smart Home routers. After the company failed to respond to the private disclosure, the researcher decided to make the flaw public. TP-Link SR20 Vulnerability Technical Overview The vulnerability…
A few years back, in 2016, we decided to analyze the most dangerous online places, which were represented not only by suspicious locations but also by legitimate websites and services. In truth, things haven’t changed for the better since 2016,…
Even the strangest of places can be attacked by ransomware, as is evident by the recent attack on a parking garage used by the Canadian Internet Registration Authority (CIRA). As a result of the attack, which happened on Tuesday (March…
NVIDIA GeForce Experience for Windows has been found to contain a security vulnerability, CVE‑2019‑5674, that could allow local attackers to elevate privileges, trigger code execution, and carry out denial-of-service attacks. Even though the vulnerability requires local user access, it could…
Microsoft just discovered a troublesome Huawei PC product that could have granted attackers with an easy way to temper with Windows kernel. According to Huawei’s advisory, “there is a privilege escalation vulnerability in Huawei PCManager product”. An attacker could trick…
Apple’s latest security advisory contains a total of 51 security vulnerabilities. The company released iOS 12.2 to address these flaws that affect iPhone 5 and later, iPad Air and later, and iPod touch 6th generation. 51 Vulnerabilities Fixed in iOS…
As we recently reported, the Norsk Hydro plant in Norway was recently attacked by the so-called LockerGoga ransomware. LockerGoga ransomware encrypts the victim’s data and demands money in the form of a ransom payment to get it restored. Researchers Discover…
Kaspersky Lab researchers made an alarming discovery. ASUS, one of the biggest computer makers, was used to install a malicious backdoor on customers’ machines. The installation took place last year after hacker compromised a server for the maker’s live software…
A number of heart defibrillators are vulnerable to severe, life-threatening attacks. The flaws, located in Medtronic’s Conexus radiofrequency wireless telemetry protocol, could allow attackers to hijack the devices remotely, thus putting the lives of countless patients at risk. More specifically,…
Windows Defender will be available for Mac business users, Microsoft announced. The company is bringing its anti-malware program to macOS in its attempt to expand the reach of the Defender Advanced Threat Protection platform. The application’s name is renamed as…
The Ginp Trojan is an Android malware which has been identified by a security researcher in one of its recent attack campaigns. The samples which are believed to be launched in the attack campaign date to the end of October…
A new, large-scale Mac malvertising campaign was just discovered. Security researchers at Confiant say that approximately 1 million user sessions have been potentially exposed. The payload of the malvertising campaign is the Shlayer Trojan. Who’s Behind the Mac Malvertising Campaign?…
The infamous IoT botnet Mirai has a new variant which is specifically configured to target embedded enterprise devices such as presentation system devices, surveillance systems and network storage devices. The discovery of the latest Mirai variant was made by Palo…
There’s a new exploit kit in town, and it’s called Spelevo EK. According to reports, the exploit kit is using the CVE-2018-15982 vulnerability to gain access to unpatched systems. The vulnerability is located in Flash Player. Flash Player versions 31.0.0.153…
A dangerous ransomware attack has hit one of the world’s biggest aluminium producers. The Norsk Hydro plant in Norway was likely attacked by the so-called LockerGoga ransomware. The attack took place on Monday, March 18, and appears to be ongoing.…
An ethical hacking project by a team of privacy experts has revealed a serious security flaw in one of Saudi Arabia’s most popular communication apps. Dalil user database is unsecured and easily accessible online; More than 5 million Dalil users…
Scammers are getting more creative and persuasive in their attempt to trick the potential victim into conducting a payment, typically in Bitcoin. All recent scams delivered via email have this in common – creating a sense of fear and urgency…
A new scam has been detected in the wild, exploiting the tragic Boeing 737 Max crashes in the attempt to drop malware. The spam emails use the following subject: “Airlines plane crash Boeing 737 MAX 8”. If you’ve received such…
CVE-2018-20250 is a critical vulnerability in WinRAR, which has been estimated to have been a part of the software for 19 years or even more. The vulnerability even forced the development team to drop support for a file format. This…
20 vulnerabilities have been fixed in the Intel Graphics Driver for Windows. The flaws could lead to a range of attacks such as escalation of privilege, denial of service and information disclosure. It should be mentioned that local access to…
