A bug in your image thumbnailer could represent a new attack vector for hackers that can exploit it for script injection. Another day, another bug in a popular application. A bugRead More →
Microsoft’s Antimalware Scan Interface (AMSI) was introduced in Windows 10 as a standard interface that provides the ability for AV engines to apply signatures to buffers both in memory andRead More →
Attackers could remotely hack and hijack Ninebot miniPRO hoverboard in just 20 seconds of continuous Bluetooth connection. Do you have an hoverboard? This news will probably surprise you because accordingRead More →
Today, in coordinated press releases, the US Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces — AlphaBay and Hansa Market. US Attorney General JeffRead More →
An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars. The hack was possible due to a flawRead More →
This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums:Read More →
Wikileaks revealed that CIA contractor Raytheon Blackbird Technologies was tasked to analyze advanced malware and TTPs used by threat actors in the wild. Wikileaks continues to publish documents from Vault 7Read More →
Because Windows executables haven’t wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems. This scenario is possible because ofRead More →
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more thanRead More →
Someone is using the SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server. According to experts from Trend Micro, most ofRead More →
In this blog post, we will present a new technique for domain fronting, which enables attackers to abuse Content Delivery Networks (CDNs) to mask malware command and control (C2) traffic. ThisRead More →
A vulnerability codenamed Devil’s Ivy is putting thousands of Internet-connected devices at risk of hacking. Discovered by security researchers from Senrio, the flaw affects gSOAP, a C/C++ library widely used inRead More →
The maker of a smart home security system has failed to patch five security issues in the firmware of his product. These flaws allow an attacker to bypass authentication, takeRead More →
Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware’s developmen. Today security researcher MalwareHunterTeam took a deeperRead More →
For the second time in a year, a highly critical remote code execution vulnerability was found in the Cisco WebEx Extension. For the second time in a year, a highly critical remote codeRead More →
I recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an attacker executing malicious code on your machines, ifRead More →
Dating site for cheaters Ashley Madison has agreed to an $11.2 Million settlement for roughly 37 million users affected by the 2015 massive data breach. Dating site for cheaters Ashley Madison hasRead More →
A new Android RAT (Remote Access Trojan) detected under the name of GhostCtrl can lock mobile device by resetting their PIN and display a ransom note to infected victims. TheseRead More →
On July 7, French domain registrar Gandi lost control over 751 customer domains, which had their DNS records altered to point incoming traffic to websites hosting exploits kits. The domainRead More →
A team of researchers from Fox-IT and Riscure has put together a device using off-the-shelve electronic parts that deduces encryption keys using only electromagnetic emissions coming from a nearby computer.Read More →
