A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. Technical observation:A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like(../../../../something.app). Since Evernote also has a feature of sharing notes, in such a […]
A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. The malware has been under active development since at least 2013 and it is offered for […]
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users Threat actors tracked as eGobbler developed a new exploit that is allowing them to serve more than 500 million malicious ads to iOS users. The group tracked as eGobbler is exploiting a security flaw in the Google Chrome browser to target millions of […]
Blue Cross of Idaho announced to have suffered a data breach, hackers accessed to the personal information of about 5,600 customers. Blue Cross of Idaho announced suffered a data breach that might have exposed the personal information of about 5,600 customers (out of a grand total of 560,000 health insurance customers), including their names, subscriber […]
Expert discovered an exploit that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to craft filters to inject remote scripts into web sites. ad blocking extensions receive in input a list of malicious URLs that prevents the browser from connecting to them. With the release of Adblocker […]
Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. The Scranos rootkit malware was first discovered late last year when experts at Bitdefender were analyzing a new password- and data-stealing operation leveraging around a rootkit driver digitally signed with a stolen […]
Ecuador suffered 40 million cyber attacks on websites of public institutions since the arrest of Wikileaks founder Julian Assange. Last week, WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London. after Ecuador withdrew asylum after seven years. In response to the arrest acktivist communities launched several attacks against the Ecuador government. […]
A recently fixed local privilege escalation flaw in windows (CVE-2019-0803) had been exploited by bad actors to deliver PowerShell Backdoor. April 2019 Patch Tuesday security updates addressed a local privilege escalation flaw in Windows operating system, tracked as CVE-2019-0859 that had been exploited by threat actors to deliver a PowerShell backdoor. The flaw could allow […]
The popular hacker Gnosticplayers made the headlines again, he is offering for sale on the dark web the fifth round of hacked accounts. The popular hacker Gnosticplayers is offering for sale on the dark web the fifth round of hacked accounts. Between February and March, the hacker disclosed the existence of some massive unreported data […]
Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature. The DDoS attack peaked at a massive 7,500 requests per second and delivered more than 70 […]