Recently, the Advanced Threat Response Team of 360 Core Security Division detected an APT attack exploiting a 0-day vulnerability tracked as CVE-2018-8174. Now the experts published a detailed analysis of the flaw. I Overview Recently, the Advanced Threat Response Team of 360 Core Security Division detected an APT attack exploiting a 0-day vulnerability and captured the worldâs […]
The macOS client for the Signal fails to properly delete disappearing messages from the recipient’s system, potentially exposing sensitive messages. Signal is considered the most secure instant messaging app, searching for it on the Internet it is possible to read the Edward Snowdenâ testimony: âUse anything by Open Whisper Systemsâ Snowden says. The Cryptographer and Professor at Johns […]
Google releases additional Meltdown mitigations for Android as part of the May 2018 Android Security Bulletin. The tech giant also addresses flaws in NVIDIA and Qualcomm components. Both Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data. The Meltdown attack (CVE-2017-5754 vulnerability) could allow attackers to read the entire physical memory of the […]
A backdoor was discovered in the Python module named SSH Decorator (ssh-decorate), that was developed by Israeli developer Uri Goren. Are you using the Python module ‘SSH Decorator’? You need to check the version number, because newer versions include a backdoor. The library was developed to handle SSH connections from Python code. Early this week, a developer […]
Adobe has released security updates to address several vulnerabilities in its products, including Flash Player, Creative Cloud and Connect products. The security updates also address a Critical Code Execution vulnerability in Flash Player tracked as CVE-2018-4944. The flaw is a critical type confusion that could be exploited to execute arbitrary code, the good news is that Adobe […]
Microsoft has released the May 2018 Patch Tuesday that addresses more than 60 vulnerabilities, including two Windows zero-day flaws that can be exploited for remote code execution and privilege escalation. Microsoft May 2018 Patch Tuesday includes security patches for 67 vulnerabilities, including two zero-days that have already been exploited in the wild by threat actors. The […]
The baseStriker attack technique allows to bypass anti-phishing filters by splitting and disguising a malicious link using a tag called the <base> URL tag. Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365. The […]
Experts at vpnMentor released an unofficial patch for Zero-Days in Dasan GPON home routers manufactured by the company Dasan. Security experts at vpnMentor last week disclosed a couple of zero-day vulnerabilities (CVE-2018-10561 & CVE-2018-10562) in Gigabit-capable Passive Optical Network GPON home routers manufactured by the company Dasan. The researchers have found a way to bypass the authentication to access the GPON home […]
A security researcher found evidence that Twitter is testing a new feature, dubbed ‘Secret Conversation,’ to enable end-to-end encryption for its Direct Messages, Twitter plans to adopt end-to-end encryption for its Direct Messages, the company is currently testing its new service dubbed ‘Secret Conversation’. The discovery was made by the computer science student at the […]
The FBIâs Internal Crime Complaint Center (IC3) released the FBI 2017 Internet Crime Report, a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2017 Internet Crime Report, one of the most interesting documents on the crime trends in the last 12 months. The first figure that captures […]