Trend Micro spotted a new attack relying on weaponized Word documents and PowerShell scripts that appears related to the MuddyWater APT. Security experts at Trend Micro have spotted a new attack relying on weaponized Word documents and PowerShell scripts that appears related to the MuddyWater cyber-espionage campaign. The first MuddyWater campaign was observed in late 2017, then researchers from […]
A new vulnerability involving side channel speculative execution on Intel chips, known as LazyFP, has been announced and assigned CVE-2018-3665. A new vulnerability tracked as LazyFP (CVE-2018-3665) involving side channel speculative execution affects Intel CPUs, like previous ones it could be exploited by hackers to access sensitive information from the affected system. The vulnerability was discovered […]
Threat Fabric reports of a newly discovered banking Trojan, dubbed Mysterybot, targeting Android 7 and 8 versions, the malware seems to be linked to Lokibot. Threat Fabric (formerly known as SfyLabs) reports of a newly discovered banking Trojan targeting Android 7 and 8 versions. It seems to be linked to Lokibot, the hydra of the Android malware […]
Researchers have released a decryptor tool that could be used by victims of the Everbe Ransomware to decrypt their files for free. Good news for the victims of the Everbe Ransomware, the popular malware researchers Michael Gillespie and Maxime Meignan have released a decryptor that could be used by victims to decrypt their files for free. The Everbe Ransomware encrypts files […]
GnuPG 2.2.8 released earlier this month addresses the CVE-2018-12020 vulnerability, dubbed SigSpoof, affecting GnuPG, Enigmail, GPGTools, and python-gnupg. GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications. GnuPG version 2.2.8 released earlier this month addresses the CVE-2018-12020 vulnerability, dubbed SigSpoof, affecting GnuPG, […]
SAP June 2018 Security Patch Day addresses two security notes, the company fixed five issues for previously released notes, including two critical flaws rated Hot News. The most common flaw types are Cross-Site Scripting and Remote Command Execution, followed by implementation flaws and information disclosure. “It seems that the downward trend in the number of monthly […]
According to a top US intelligence official, mobile phones of football fans traveling to Russia for the World Cup could be hacked by the Russian Intelligence. Russia World Cup 2018 – Mobile devices and computers of football fans traveling to Russia could be hacked by the Russian Intelligence, the alert was issued by William Evanina, Director […]
76. Calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab Bad news for Kaspersky, European Parliament passed a resolution […]
Cyber criminal organizations and state-sponsored hackers continue to use Exploit kits to compromise targets world worldwide if the use of Exploit kits is decreased across the recent months, some of them were improved by adding the code to exploit recently discovered Flash and Internet Explorer zero-day vulnerabilities. “Since both Flash and the VBScript engine are […]
A China-linked APT group, LuckyMouse, Emissary Panda, APT27 and Threat Group 3390, has targeted a national data center in Central Asia. The APT group has been active since at least 2010, the crew targeted U.S. defense contractors and financial services firms worldwide. In March 2018, security experts at Kaspersky Lab have observed an attack powered by the […]