Experts observed several malspam campaigns using signed emails to deliver the GootKit banking Trojan (aka talalpek or Xswkit). Threat actors leverage a multi-stage malware loader tracked as JasperLoader in the malspam campaigns over the past few months. The JasperLoader was observed while distributing malware to targets from Central Europe, most of them in Italy and […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! 60 Million records of LinkedIn users exposed online INPIVX hidden service, a new way to organize ransomware attacks Ride-Hailing Company operating in Iran exposes data of Iranian Drivers A […]
A new variant of the AESDDoS bot is exploiting a recent vulnerability in the Atlassian collaborative software Confluence. Security experts at Trend Micro have spotted a new variant of AESDDoS botnet that is exploiting a recently discovered vulnerability in the Atlassian collaborative software Confluence. The flaw exploited in the attacks, tracked as CVE-2019-3396, is a […]
US NIST updates its Automated Combinatorial Testing for Software (ACTS) research toolkit that should help experts in finding bugs in complex safety-critical applications. US NIST announced updated for its Automated Combinatorial Testing for Software (ACTS) research toolkit that should allow developers easily spot software errors in complex safety-critical applications. The ACTS toolkit allows development teams […]
Security experts discovered hosted on GitHub the skimmer scripts used by Magecart cybercrime gang to compromised Magento installations worldwide. Experts discovered the Magecart skimmer scripts used to compromise a few hundred e-commerce websites worldwide hosted on GitHub. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use […]
Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. The exposed information included some usernames and hashed passwords, as well as tokens […]
Experts at Cisco Talos group disclosed a dozen vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change […]
Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. Security expert Paul Marrapese discovered two serious vulnerabilities in the iLnkP2P P2P system that ĂŹs developed by Chinese firm Shenzhen Yunni Technology Company, Inc. The iLnkP2P system allows users to remotely connect to their IoT devices […]
Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. “Beapy is […]
One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. Different protocols create different ways that connect your […]