Attacking UEFI Runtime Services and Linux
Attackers with physical access are able to attack the firmware on many fully patched computers with DMA – Direct Memory Access. Once code execution is gained in UEFI/EFI Runtime Services…
Researchers claim that the malware is currently priced at $4,000 and comes with ‘bot killer’ features. Security researchers have uncovered a new malware strain, dubbed Nuke, put up for sale…
Experts at Juniper have discovered that an update for its Juniper SRX firewalls opens a root-level account on the network device. The company started warning its users, every user who issued the…
Cracking The 12+ Character Password Barrier, Literally 12 Characters? Are you serious?! What do I mean by cracking 12-character passwords and above? I’m simply stating that with modern hardware,…
Security researchers from Trustwave and Malwarebytes have come across a new, poorly assembled exploit kit that appears to be the work of a one-man crew. Named Terror EK, this exploit…
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a…
Bootmode exploit gave attackers ability to hack modem, eavesdrop on calls. Google has shut down a “high-severity” exploit in its Nexus 6 and 6P phones which gave attackers with USB…
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter…
My friends at CyberBlog decided to analyze the GM Bot Android Malware as an exercise aiming to receive feedback and suggestions from the security community. The sample explored is confirmed as a variant…
Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technology…
A new form of malware is targeting Macs and launching denial-of-service attacks on users by creating multiple email drafts that crash the computer. The method is simple but devious. According…
The FTC has filed a lawsuit against D-Link for failing to protect its customers against ‘well known and easily preventable software security flaws’ in its routers and IoT cameras. The…
MongoDB administrators are about to be taught a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from…
We will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have…
The notorious black hat hacker CyberZeist (@cyberzeist2) has broken into the FBI website FBI.gov and leaked data on Pastebin.
A cyber-crime infrastructure known in infosec circles as pseudo-Darkleech has been the source of many ransomware infections during the past year, either by malicious spam attachments or via automated attacks…
Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back…
The security expert Dawid Golunski from Legal Hackers has reported critical RCE flaws in the popular PHP libraries SwiftMailer, PhpMailer and ZendMail. Recently the security expert Dawid Golunski from Legal…
On the last day of 2016, KeepKey, a vendor of Bitcoin hardware wallets, has notified users of a security breach that inadvertently exposed some of its customers’ details. According to…
The Windows kernel privilege escalation vulnerability CVE-2016-7255 has received a lot of media attention. On November’s Patch Tuesday, Microsoft released a fix for this vulnerability as part of bulletin MS16-135.