Two new Mac backdoors discovered
2017-03-01
On Valentine’s Day, Mac users got a special “treat” in the form of new malware. Then, later that same week, there were signs of yet another piece of malware looming. These threatsRead More →
XSS flaws in Zscaler Cloud management software allow logged attackers to hack coworkers
2017-03-01
Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploitedRead More →
ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle
2017-03-01
Bored hacker looking for fun? We couldn’t possibly suggest you attack the latest vulnerability in ESET’s antivirus software, because it’s too basic to offer any challenge at all. As outlinedRead More →
Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin
2017-02-28
The vulnerability can lead to attackers grabbing data from website database or user sensitive information. A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowingRead More →
Web Cache Deception Attack
2017-02-28
A few words about caching and reactions Websites often tend to use web cache functionality (for example over a CDN, a load balancer, or simply a reverse proxy). The purposeRead More →
DNS attacks: How they try to direct you to fake pages
2017-02-27
DNS servers are essential to the normal functioning of the internet as we know and love it, but they tend to go unnoticed by most users. At least, that is, until someRead More →
Stolen EHR data is flooding criminal underground communities in the Deep Web
2017-02-27
EHR data are precious commodities in the cyber criminal underground because of the lack of cyber security of healthcare industry. Electronic health record databases are becoming the most precious commoditiesRead More →
Vulnerability Deep Dive – Ichitaro Office Excel File Code Execution Vulnerability
2017-02-25
Vulnerabilities in word processing and office productivity suites are useful targets for exploitation by threat actors. Users frequently encounter file types used by these software suites in their day toRead More →
Database Ransom Attacks Have Now Hit MySQL Servers
2017-02-25
After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for aRead More →
Google Goes Public with Unpatched Microsoft Edge and IE Vulnerability
2017-02-25
Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they’ve published details about a bugRead More →
British man arrested after 900,000 broadband routers knocked offline in Germany
2017-02-24
A 29-year-old man has been arrested at Luton airport by the UK’s National Crime Agency (NCA) in connection with a massive internet attack that disrupted telephone, television and internet servicesRead More →
This system admin used VPN to hack into and cause $1.1 million loss to his ex-employer before being caught
2017-02-24
After being fired, this sys-admin used VPN to hack and plant his own software and cause a $1.1 million loss to his employer Getting a pink slip is a bad newsRead More →
Serious Cloudflare bug exposed a potpourri of secret customer data
2017-02-24
Service used by 5.5 million websites may have leaked passwords and authentication tokens. Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warnedRead More →
Google Announces First-Ever SHA1 Collision Attack
2017-02-24
The SHA1 (Secure Hash Algorithm 1) cryptographic hash function is now officially dead and useless, after Google announced today the first ever successful collision attack. SHA1 is a cryptographic hashRead More →
Malware Uses Blinking Hard Drive LEDs to Transmit Data to Nearby Cameras
2017-02-23
Custom-made malware installed on an offline computer can use a hard drive’s LED to send out sensitive data from infected computers to nearby cameras. This Hollywood hacking scenario is nowRead More →
New macOS Patcher Ransomware Locks Data for Good, No Way to Recover Your Files
2017-02-23
A newly discovered ransomware family calling itself Patcher is targeting macOS users, but according to security researchers from ESET, who discovered the ransomware last week, Patcher bungles the encryption processRead More →
CVE-2017-6074 – a new 11-year old Linux Kernel flaw discovered
2017-02-23
Security expert discovered a new 11-year old privilege escalation vulnerability, tracked as CVE-2017-6074, in the Linux kernel. A new privilege escalation vulnerability, tracked as CVE-2017-6074, has been discovered in the Linux kernel andRead More →
DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked
2017-02-22
Small biz wakes up to find online homes defaced. Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster. The index.phpRead More →
Transferring Backdoor Payloads by DNS AAAA records and IPv6 Address
2017-02-22
Transferring Backdoor Payloads by DNS AAAA records and IPv6 Address. in this article i want to explain how can use IPv6 Address (AAAA) records in DNStraffic for Transferring Payloads. In myRead More →
Revisiting Windows Security Hardening Through Kernel Address Protection
2017-02-22
Back in 2011 when Windows 7 Service Pack 1 was king of the hill and I was just starting to learn to program (via Harvard’s epic CS50), j00ru published aRead More →
