Security researchers at Trustwave spotted a new malicious campaign that uses a multi-stage attack to deploy a password stealer. Researchers at Trustwave have spotted a new malware-based campaign that uses a multi-stage infection to deploy a password stealer malware. Hackers leverage the infamous Necurs botnet to distribute spam emails delivering Microsoft Office documents that embedded malicious macros. DOCX […]
The RubyGems 2.7.6 update released last week for RubyGems includes several security improvements and addresses several types of vulnerabilities. The new RubyGems 2.7.6 release addresses several vulnerabilities in Ruby Gems and implements several security improvements. The updates prevent path traversal when writing to a symlinked basedir outside of the root and during gem installation. The updates also […]
The report published by the White House Council of Economic Advisers examines the cyberattacks cost that malicious cyber activities cause to the U.S. economy. How much cost cyber attacks to the US? According to a report published by the White House Council of Economic Advisers last week, the cyberattacks cost between $57 billion and $109 billion […]
Lorenzo Franceschi-Bicchierai published an interesting post on SIM hijacking highlighted the risks for the end users and their exposure to this illegal practice. In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability. A video tutorial titled ‘T-Mobile Info Disclosure exploit’ showing how to use the flaw was also published […]
The Indian bank Kumbakonam-based City Union Bank announced that cyber criminals compromised its systems and transferred a total of US$1.8 million. During the weekend, the Russian central bank revealed a new attack against the SWIFT system, unknown hackers have stolen 339.5 million roubles (roughly $6 million) from a Russian bank last year. Even if the SWIFT international bank […]
Google Project Zero disclosed details of an unpatched flaw in the Edge browser because Microsoft failed to address it within a 90-day deadline. White hackers at the Google Project Zero have disclosed details of an unpatched vulnerability in the Edge browser because Microsoft failed to address it within a 90-day deadline according to the Google’s […]
The Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS losing data under certain conditions. A few days ago a ‘text bomb‘ bug was reported for Apple iOS and macOS apps, the issue can crash any Apple iPhone, iPad Or Mac. Now the Apple expert Mike Bombich discovered an APFS Filesystem vulnerability that could lead macOS […]
Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner. “The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth […]
On Saturday, Germany defense minister Ursula von der Leyen told CNBC that cyber attacks are the greatest challenge threatening global stability. The cybersecurity is a pillar of modern states, the string of recent massive attacks including NotPetya and WannaCry is the demonstration that we are all potential targets. Cyber attacks could hit governments, private companies and citizens in every […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you! · FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins · Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild · Thousands of websites […]