Trend Micro discovered the Chinese threat actor Winnti has been abusing GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group, this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Winnti group, a threat actor with […]
Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]
The recently patched CVE-2017-0022 Windows Zero-Day vulnerability has been exploited by threat actors behind the AdGholas malvertising campaign and Neutrino EK since July 2016. Microsoft has fixed several security flaws with the March 2017 Patch Tuesday updates. According to security experts at Trend Micro, the list of fixed vulnerabilities includes three flaws that had been exploited […]
US federal prosecutors speculate the involvement of North Korea in the cyber heist of $81 million from Bangladesh’s account at the New York Federal Reserve Bank. The news was reported by The Wall Street Journal, prosecutors suspect the involvement of Chinese middlemen who helped the Government of Pyongyang to organize the cyber theft. In February 2016, unknown hackers transferred […]
The vulnerability allows any local user, such as “httpdusr” used to run web application, to escalate to Domain Administrator if the NAS is a domain member. Pasquale ‘sid’ Fiorillo from ISGroup (www.isgroup.biz), an Italian Security Company, and Guido ‘go’ Oricchio of PCego (www.pcego.com), a System Integrator, have just released a critical security advisory for any […]
Android Forums notified a data breach, according to the moderators at the site roughly 2.5 percent of users have been affected. Android Forums is the last victim of a data breach, roughly 2.5 percent of users have been affected. The moderators at the Android Forums confirmed they’ve been able to identify the alleged compromised accounts, in response […]
The threat group behind the Machete cyber espionage campaign first spotted in 2014 continues to target entities in Spanish-speaking countries. According to the researchers at security firm Cylance Threat actors behind the cyber espionage campaign dubbed Machete continue to target entities in Spanish-speaking countries. The Machete campaign was first uncovered by the researchers at Kaspersky in August 2014 and […]
Hackers belonging to the Turkish Crime Family group threaten to remotely wipe hundreds of millions of iPhones unless Apple pays a ransom. Crooks are claiming to have over 627 millions of iCloud credentials and intend to wipe date from iPhones, iPads and Macs if the Apple does not pay $150,000 within two weeks. Members of […]
The notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. The Security expert at Google Project Zero Tavis Ormandy discovered several vulnerabilities in Chrome and Firefox extensions of the LastPass password manager that can be exploited to steal passwords. The expert also wrote PoC exploit for the flaw […]
Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices. We have to consider that IoT devices are pervading our day life such as into […]