OpenSSH introduces a new feature to prevent Side-Channel attacks, latest release encrypts secret keys in memory as temporary solution. Memory side-channel vulnerabilities continue to threaten modern processors, Spectre, and Meltdown, Rowhammer, and RAMBleed are just some samples, Now OpenSSH encrypts secret keys in memory against Side-Channel attacks. Many experts demonstrated variants of side-channel attacks against OpenSSH application […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing. The attacks are targeting U.S. industries and government agencies, the statement was also […]
Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Bella Thorne published her private nude photos before a hacker that was threatening her Linux worm spreading via Exim servers hit Azure customers New Echobot Botnet targets Oracle, VMware […]
Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. The vulnerability is a stored cross-site scripting issue that is related to the way […]
Two vulnerabilities in VLC media player could allow remote attackers to take full control over a computer system while playing untrusted videos. An attacker could remotely take full control over a computer system while playing untrusted videos with any version of VLC media player software prior to 3.0.7. The hack is possible due to two […]
Security experts at Malwarebytes have discovered a new macOS crypto miner, tracked as Bird Miner, that works by emulating Linux. Researchers at MalwareBytes have spotted a new cryptominer, tracked as Bird Miner, that targets macOS and emulates Linux. The malware spreads via a cracked installer for the music production software Ableton Live that is distributed […]
Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Recent campaigns demonstrate that Turla continues to evolve its arsenal and adopt news […]
Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users. Microsoft has addressed an important flaw tracked as CVE-2019-1105 that affects versions of Outlook for Android app before 3.0.88. The vulnerability is a stored cross-site scripting issue that is related to the way the app parses incoming email […]
Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed […]