The Yoroi-Cybaze ZLAB dissected the VBS script embedded into the zip archives delivered to the victims of a recent attack. Introduction Few days ago, the CERT-Yoroi bulletin N061118 disclosed a dangerous campaign attacking several Italian users. The attack wave contained some interesting techniques need to look into further, especially regarding the obfuscation used to hide the malicious […]
Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies. Back in 2000, every aspiring student wanted to become computer /IT engineer, thanks to […]
Dell data breach – IT giant Dell disclosed a data breach, the company confirmed it has detected an intrusion in its systems on November 9th 2018. Attackers were trying to exfiltrate customer data (i.e. names, email addresses, and hashed passwords) from the company portal Dell.com, from support.dell.com websites. Wednesday that its online electronics marketplace experienced a […]
A British MP claims Facebook was ware about Russian political interference in 2014, long before the events become public. The British MP Damian Collins, head of a parliamentary inquiry into disinformation, revealed that one of the emails seized from US software company Six4Three as part of a US lawsuit, demonstrates that a Facebook engineer had notified the social network giant in October […]
British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach. British and Dutch data protection regulators have fined Uber with $1,170,892 for the 2016 security breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke […]
Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via the Node Package Manager (NPM) repository. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 […]
Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called […]
UK Parliament Seizes seized confidential Facebook documents from the developer of a now-defunct bikini photo searching app to investigate its data protection policies. A British lawmaker obliged a visiting tech executive to share the files ahead of an international hearing that parliament is hosting on Tuesday to gather info into disinformation and “fake news.” Committee Chairman […]
Ransomware attacks continue to threaten the healthcare industry, the last incident in order of time impacted the Ohio Hospital System. The ransomware attack infected computer systems at the East Ohio Regional Hospital and Ohio Valley Medical Center reportedly caused the disruption of the hospitals’ emergency rooms. The malware hit the Ohio Hospital System on Friday, Nov. 23, evening, […]
The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year. Data breaches, […]