A backdoor was discovered in the Python module named SSH Decorator (ssh-decorate), that was developed by Israeli developer Uri Goren. Are you using the Python module ‘SSH Decorator’? You need to check the version number, because newer versions include a backdoor. The library was developed to handle SSH connections from Python code. Early this week, a developer […]
Adobe has released security updates to address several vulnerabilities in its products, including Flash Player, Creative Cloud and Connect products. The security updates also address a Critical Code Execution vulnerability in Flash Player tracked as CVE-2018-4944. The flaw is a critical type confusion that could be exploited to execute arbitrary code, the good news is that Adobe […]
Microsoft has released the May 2018 Patch Tuesday that addresses more than 60 vulnerabilities, including two Windows zero-day flaws that can be exploited for remote code execution and privilege escalation. Microsoft May 2018 Patch Tuesday includes security patches for 67 vulnerabilities, including two zero-days that have already been exploited in the wild by threat actors. The […]
The baseStriker attack technique allows to bypass anti-phishing filters by splitting and disguising a malicious link using a tag called the <base> URL tag. Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365. The […]
Experts at vpnMentor released an unofficial patch for Zero-Days in Dasan GPON home routers manufactured by the company Dasan. Security experts at vpnMentor last week disclosed a couple of zero-day vulnerabilities (CVE-2018-10561 & CVE-2018-10562) in Gigabit-capable Passive Optical Network GPON home routers manufactured by the company Dasan. The researchers have found a way to bypass the authentication to access the GPON home […]
A security researcher found evidence that Twitter is testing a new feature, dubbed ‘Secret Conversation,’ to enable end-to-end encryption for its Direct Messages, Twitter plans to adopt end-to-end encryption for its Direct Messages, the company is currently testing its new service dubbed ‘Secret Conversation’. The discovery was made by the computer science student at the […]
The FBIâs Internal Crime Complaint Center (IC3) released the FBI 2017 Internet Crime Report, a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2017 Internet Crime Report, one of the most interesting documents on the crime trends in the last 12 months. The first figure that captures […]
Recently security experts discovered two critical vulnerabilities in the Drupal CMS (CVE-2018-7600 and CVE-2018-7602), and cybercriminals promptly attempted to exploit them in the wild. The hackers started using the exploits for the above vulnerabilities to compromise drupal installs, mostly cryptocurrency mining. It has been estimated that potentially over one million Drupal websites are vulnerable to cyber attacks […]
Security researchers at VPNMentor conducted a comprehensive assessment on of a number of GPON home routers and discovered a Critical remote code vulnerability that could be exploited to gain full control over them. The researchers have found a way to bypass the authentication to access the GPON home routers (CVE-2018-10561). The experts chained this authentication bypass flaw with another command […]
The latest variant of the SynAck ransomware now includes a number of novel and complex anti-detection techniques, including one that was only made published by security researchers in December 2017. When it originally appeared on the scene, SynAck ransomware didn’t seem unique or outstanding. It was marginally effective, but it wasn’t going to force enterprises […]