Security experts at CheckPoint discovered a series of vulnerabilities in WhatsApp that could be exploited by attackers to tamper with conversations. A team of Check Point security researchers composed of Dikla Barda, Roman Zaikin, and Oded Vanunu devised three attacks that leverage the vulnerabilities in WhatsApp to tamper with conversations. The flaws could allow attackers […]
Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. Avast recently discovered […]
Cisco has released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches. Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with […]
Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group […]
The operators behind the recently discovered Echobot botnet added tens of new exploits to infect a broad range of systems worldwide. In June, experts at PaloAlto Networks uncovered a new botnet, dubbed Echobot that is based on the dreaded Mirai botnet. At the time of its discovery, operators added 8 new exploits, but a few weeks later the […]
Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […]
Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player The Lord Exploit Kit was first detected by Adrian Luca, […]
A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]
The FBI published a security advisory to warn of cyber actors using online dating sites to conduct confidence/romance scam and recruit money mules. The FBI published a security advisory to warn of confidence/romance scams turning victims into money mules. The advisory explains that victims are used as part of a money-laundering scheme and act as […]
CafePress, the popular T-Shirt and merchandise website, suffered a data breach that exposed the personal details of 23 million of their customers. CafePress, the popular T-Shirt and merchandise website, disclosed a data breach that exposed the personal details of 23 million of their customers. The news was publicly reported by the data breach notification service […]