Delivered by “secure” Word doc, pure PowerShell malware fetches commands from DNS TXT records. Researchers at Cisco’s Talos threat research group are publishing research today on a targeted attack deliveredRead More →
Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation. The backdoor is present in almost all devices producedRead More →
Short Bytes: The developers of BlackArch ethical hacking distro have released the new ISO images of their operating system. BlackArch Linux 2017-03-01 is now available with 50 new hacking tools, Linux kernelRead More →
We were silenced by the Feds!’. Shoppers of 40 online stores have had their bank card numbers and addresses slurped by a malware infection at backend provider Aptos. The securityRead More →
Nation-sponsored attackers targeted 26 specific accounts. Yahoo CEO Marissa Mayer said she’ll forgo her 2016 bonus and any stock award for this year after the company admitted it failed toRead More →
On Valentine’s Day, Mac users got a special “treat” in the form of new malware. Then, later that same week, there were signs of yet another piece of malware looming. These threatsRead More →
With more than one million active bots at any time, a Necurs-enabled DDoS attack could dwarf such an attack by the Mirai botnet. In an ominous development, the world’s largestRead More →
Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploitedRead More →
The Dridex banking Trojan has been updated and now sports a new injection method for evading detection based on the technique known as AtomBombing. Researchers with IBM X-Force identified the newRead More →
Bored hacker looking for fun? We couldn’t possibly suggest you attack the latest vulnerability in ESET’s antivirus software, because it’s too basic to offer any challenge at all. As outlinedRead More →
Internet of Things database containing personal information was indexed by Shodan search engine. The database behind an internet-connected cuddly toy exposed the account information of over 800,000 users, while aRead More →
The vulnerability can lead to attackers grabbing data from website database or user sensitive information. A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowingRead More →
A few words about caching and reactions Websites often tend to use web cache functionality (for example over a CDN, a load balancer, or simply a reverse proxy). The purposeRead More →
The Necurs botnet is evolving and recently the experts at BitSight’s Anubis Labs discovered that it was improved to launch DDoS attacks. The Necurs botnet continues to evolve and recentlyRead More →
DNS servers are essential to the normal functioning of the internet as we know and love it, but they tend to go unnoticed by most users. At least, that is, until someRead More →
EHR data are precious commodities in the cyber criminal underground because of the lack of cyber security of healthcare industry. Electronic health record databases are becoming the most precious commoditiesRead More →
Google wants everyone to be able to easily encrypt data. Google has always been good about sharing the wealth of information it has, including when it comes to donating itRead More →
A new b -as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week. First spotted two days ago, this ransomware operation is quite unique as itRead More →
The tour company Roberts Hawaii is warning its customers about a security breach that may affect people who purchased tours and other services on its website. Did you visit theRead More →
Vulnerabilities in word processing and office productivity suites are useful targets for exploitation by threat actors. Users frequently encounter file types used by these software suites in their day toRead More →
