Security researchers from lgtm.com have discovered a major remote code execution security flaw (CVE-2017-9805) in Apache Struts, which is a well-liked open-source framework created to develop internet purposes in theRead More →
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system. According toRead More →
A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of today’s top PDF viewers, according to German software developer Hanno Böck. TheRead More →
Deng Jiewei, from Guangdong, was charged with illegally selling programs known as virtual private networks (VPNs), according to court papers. VPNs are illegal in China because they let people avoidRead More →
The TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, according to a recent version spotted in a distribution campaign last week. The TrickBot banking trojanRead More →
Ransom attacks on MongoDB databases rekindled last week and over the weekend with the emergence of three new groups that hijacked over 26,000 servers, with one group hijacking 22,000. TheRead More →
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities cameRead More →
Experts spotted a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware Security expert Brad Duncan with both the SANS InternetRead More →
A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online. While we don’t know when the actual hackRead More →
A pirate broadcaster posing as a police officer interfered in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers. TheRead More →
A bug that exposed users’ contact information affected a far greater number of accounts than Instagram originally said. The bug, which appears to have been responsible for Selena Gomez’s account beingRead More →
GitLab is a widely used SaaS provider that focuses on developer related issues, including Git repository management, issue tracking and code review. During a recent pen test of GitLab (IRead More →
Summer vacation is over! During the past week, security researchers have discovered several distribution campaigns pushing the Locky ransomware via different methods, including a new variant that features one hellRead More →
A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data.Read More →
An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in theRead More →
WikiLeaks published today documentation on the CIA Angelfire project, a malware framework developed to infect Windows computers. According to a leaked CIA manual, Angelfire is made up of five components, eachRead More →
***UPDATE*** In the past 24 hours we have seen over 23 million messages sent in this attack, making it one of the largest malware campaigns that we have seen in theRead More →
Security researchers have found five gaping holes in the firmware running on Arris modems, three of which are hardcoded backdoor accounts. An attacker could use any of these three accountsRead More →
The popular Dutch security researcher Victor Gevers has discovered thousands of Bitcoin miners left exposed on the Internet. The popular security researcher Victor Gevers, the founder of the GDI Foundation, hasRead More →
SAP POS Xpress Server does not perform any authentication checks for critical functionality that requires user identity. As a result, administrative and other privileged functions can be accessed without anyRead More →
