In this post I’ll show you how an apparently insignificant information on Whatsapp could be used by hackers in a more dangerous targeted attack. When you add a random phone number to your contact list, WhatsApp will show you the profile picture of that user. Given the fact that you don’t know that person, there […]
Researchers at FireEye have detected a new variant of Havex RAT, which scans SCADA network via Object linking and embedding for Process Control (OPC). Security experts at F-Secure and Symantec have recently announced a surge of malicious campaigns based on âHavexâ malware against critical infrastructure. The bad actors behind the Havex campaign mainly targeted companies in the energy […]
A security researcher has detailed Critroni ransomware, a new sophisticated malware which is being sold in different underground forums. In 2013 ransomware were among the menaces that monopolized the threat landscape, malware such as Cryptolocker infected hundreds of thousand machines worldwide. Critroni (aka CTB-Locker) is the name of the last ransomware which captured the attention of security experts, the malware […]
Russian hackers hit Nasdaq critical systems with with a malware-based attack with the primary intent to sabotage the U.S. financial world. It was October 2010 when the FBI started an investigation on alleged malware-based cyber attacks against on Nasdaq, probably related to the operation of a state-sponsored group of hackers. After more than 12 months in which […]
Multiple Cisco Wireless Residential Gateway products are affected by a critical flaw that could allow a remote attacker to hijack the devices. A security vulnerability affects multiple Cisco wireless residential Gateway products, the flaw resides on the web server an could be exploited by a remote attacker to hijack the network appliance. The flaw, ranked […]
Experts at Aorato have discovered a flaw in MS Active Directory that could allow an attacker to conduct a pass-the-hash attack to change a victim’s password. The Israel-based security firm Aorato has recently discovered a flaw in Microsoft’s Active Directory (AD) that could allow an attacker (via “pass-the-hash” attack) to change a victim’s password and access a […]
Researchers at SEC Consult have discovered a CSRF vulnerability in the OpenVPN Desktop Client that can allow remote code execution. Security researchers at SEC Consult have discovered a CSRF flaw in the OpenVPN Desktop client and promptly reported it to the company in May. OpenVPN Desktop Client for its Access Server is an SSL VPN for a variety […]
Project Zero is the new initiative announced by Google. The company is hiring the top security experts to make the Internet a more secure place. Google has publicly announced a new program called âProject Zero,â an ambitious project which involves a team of Star Hackers and Bug Hunters with the purpose to improve security of the […]
Edward Snowden leaked a top-secret GCHQ document which details the operations and the techniques used by JTRIG unit for propaganda and internet deception. The JTRIGÂ unit of the British GCHQ intelligence agency has designed a collection of applications that were used to manipulate for internet deception and surveillance, including the modification of the results of the […]
US Secret Service and the NCCIC have alerted hoteliers about a potential presence of keyloggers in the machines provided to guests in hotel business centers. US Secret Service and the Department of Homeland Securityâs National Cybersecurity and Communications Integration Center (NCCIC) have issued a non-public security advisory in the hospitality industry to warn on the activities of cyber […]