Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted […]
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers. […]
Mozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected to track user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying of users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained […]
Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and […]
A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365 […]
The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal […]
Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. Researchers from SafeBreach discovered several vulnerabilities in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application products that could be exploited by hackers for DLL preloading, code execution, and privilege escalation. The first issue in […]
Ohio detected and neutralized a cyber attack against its election systems earlier this month, it was traced to a Russian-owned company. Ohio officials thwarted a cyber attack against its election infrastructure earlier this month, the state’s elections chief announced. According to the Republican Secretary of State Frank LaRose, the cyber attack was “relatively unsophisticated” and […]
Security experts disclosed a vulnerability dubbed StrandHogg that has been exploited by tens of malicious Android apps. Security experts at Promon disclosed a vulnerability, dubbed StrandHogg, that has been exploited by tens of malicious Android apps. The name StrandHogg comes from an old Norse term that refers to a tactic adopted by the Vikings that […]
Europol announced another success in the fight against cybercrime, the agency shut down 30,506 Internet domain names for distributing counterfeit and pirated items. Europol announced the shutdown of 30,506 Internet domain names for distributing counterfeit and pirated items as part of the ‘In Our Sites’ (IOS) operation launched in 2014. The success is the result […]