A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers to inject malicious […]
Which is the difference between the Deep Web and Dark Web? Considerations about past, present, and future of the Dark Web. These are intense days for the Dark Web. Operations conducted by law enforcement agencies lad to the arrests of many individuals and the closure of the most popular Black Marketplaces, many of which remained […]
White hat hackers at Google Project Zero are tracking cyber attacks exploiting zero-days before the vendor released security fixes. Experts at Google Project Zero are tracking cyber attacks exploiting zero-days as part of a project named 0Day âIn the Wild.â “Today, we’re sharing our tracking spreadsheet for publicly known cases of detected zero-day exploits, in the […]
A joint effort by international law enforcement agencies from 6 different countries has dismantled the crime gang behind the GozNym banking malware. GozNym banking malware is considered one of the most dangerous threats to the banking industry, experts estimated it allowed to steal nearly $100 million from over 41,000 victims across the globe for years. “An […]
Microsoft has renewed its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies. The first version of the Attack Surface Analyzer 1.0 was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. The Analyzer has been released on GitHub, it […]
Titan Security Keys are affected by a severe vulnerability, for this reason, Google announced it is offering a free replacement for vulnerable devices. Google announced it is offering a free replacement for Titan Security keys affected by a serious vulnerability that could be exploited by to carry out Bluetooth attacks. The Titan Security Keys were introduced by […]
Experts at Yoroi-Cybaze Z-Lab observed a spike in attacks against the banking sector and spotted a new email stealer used by the TA505 hacker group Introduction During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. In fact, many independent researchers pointed to a particular […]
The Magecart gang made the headlines again, the hackers this time compromised the Forbes magazine subscription website. The Magecart group is back, the hackers this time compromised injected a skimmers script into the Forbes magazine subscription website. The malicious traffic was spotted by the security expert Troy Mursch, Chief Research Officer of Bad Packets, on Wednesday. Magecart hackers […]
The BlackTech cyber-espionage group exploited the ASUS update process for WebStorage application to deliver the Plead backdoor. The cyber espionage group tracked as BlackTech compromised the ASUS update process for WebStorage application to deliver the Plead backdoor. The BlackTech group was first observed by ESET on July 2018, when it was abusing code-signing certificates stolen from D-Link for the […]
SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, […]