ADOBE FLASH PLAYER ZERO-DAY SPOTTED IN THE WILD
The South Korean Computer Emergency Response Team issued a warning Wednesday of a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks are …
New Windows 10 build includes fixes for unbootable AMD CPUs for those who didn’t patch them manually. Microsoft has released build 16299.214 of the Windows 10 Fall Creators Update to …
Exploit could allow hackers to run code thanks to “insufficient sanitization” of HTML fragments. Mozilla has fixed a critical flaw in Firefox that could allow a remote attacker to execute arbitrary code …
PE-sieve (previously known as Hook Finder) is my open source tool based on libpeconv. It scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified …
Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, …
Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK. Why is this surprising? Other …
Proofpoint researchers have been following a previously undocumented threat in which actors are stealing bitcoins via the Tor proxy onion[.]top. Operators of this proxy are surreptitiously diverting Bitcoin payments from …
PC maker Lenovo issued a fix for a hardcoded password flaw impacting ThinkPad, ThinkCentre and ThinkStation laptops. The flaw affects nearly a dozen Lenovo laptop models that run versions of …
Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a …
Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty …
Over 2,000 WordPress sites are infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive. Researchers at Sucuri, who made the discovery, said the …
Another day, another cryptocurrency exchange under cyber attack. This time Coincheck, a Japanese cryptocurrency exchange, has been hacked and lost $534 million in NEM tokens. One of Japan’s and Asia’s largest cryptocurrency exchanges, Coincheck has suffered …
At the recent Black Hat Europe conference, Positive Technologies researchers Mark Ermolov and Maxim Goryachy spoke about the vulnerability in Intel Management Engine 11, which opens up access to most of …
I’m on a plane again…this time flying home from one of my favorite hacker cons: ShmooCon! I was stoked to give a talk about auditing on macOS. Yah, I know that doesn’t …
Ad campaign lets attackers profit while unwitting users watch videos. YouTube was recently caught displaying ads that covertly leech off visitors’ CPUs and electricity to generate digital currency on behalf …
Fixing the chip security holes Meltdown and Spectre will take a long, long time, but Linus Torvalds and Intel developers are slowly moving to answers for Linux. Spectre and Meltdown …
A study into the security of hardware license tokens. In recent years, the problem of vulnerabilities in industrial automation systems has become increasingly important. The fact that industrial control …
Just five days before a three-year-old Bitcoin puzzle was set to expire, a PhD student cracked the code. A three-year-old Bitcoin mystery came to an end last week …
Electron, a popular web application writing platform underlying some extremely widespread software including Skype and Slack, is vulnerable to a critical remote code execution vulnerability. Apps are only vulnerable if they run on …
Forced redirects from Zirconium group push phony malware and fake Flash updates. Last year brought a surge of sketchy online ads to the Internet that tried to trick viewers into …