WannaCry ransomware outbreak anniversary – According to researchers from ESET, the popularity of EternalBlue increase significantly over the past months. Exactly one year ago, on May 12, the WannaCry ransomware infected hundreds of thousands of computers worldwide. The success of the malware was the use of the EternalBlue exploit that was stolen by Shadow Brokers […]
Google released an updated version of Chrome 66 that addresses a Critical security vulnerability that could be exploited by an attacker to take over a system. Google released an updated version of Chrome 66 (version 66.0.3359.170) for Windows, Mac, and Linux systems that addressed 4 security vulnerabilities. “This update includes 4 security fixes. Below, we highlight fixes that were contributed […]
Security experts devised a new attack technique dubbed Throwhammer that could be exploited by attackers to launch Rowhammer attack on a system in a LAN. A few days ago we discussed the GLitch attack that leverages graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones. Now security experts devised a new attack […]
Trello, when an error in the publishing strategy is able to put at risk the private data of a huge community of unaware users. A âSecurity enthusiasticâ found a vulnerability in the Trello web management and now with a simple dork is possible to query to mine passwords from dozens of public Trello boards. Our […]
On May 4th Tech giant Telstra discovered a vulnerability in its service that could potentially expose customers of its cloud who run self-managed resources. Telstra is a leading provider of mobile phones, mobile devices, home phones and broadband internet. On May 4th, the company has discovered a vulnerability in its service that could potentially expose […]
Security experts from the industrial cybersecurity firm Dragos warn of a threat actor tracked as Allanite has been targeting business and industrial control networks at electric utilities in the United States and the United Kingdom. Dragos experts linked the campaigns conducted by the Dragonfly APT group and Dymalloy APT, aka Energetic Bear and Crouching Yeti, to a threat actors they […]
Security experts at Flashpoint confirmed the availability online for the source code of the TreasureHunter PoS malware since March. The researchers found evidence that the threat has been around since at least late 2014. TreasureHunt was first discovered by researchers at the SANS Institute who noticed the malware generating mutex names to evade detection. TreasureHunt enumerates the processes running on the […]
Lenovo has released security patches that address the High severity vulnerability CVE-2017-3775 in the Secure Boot function on some System x servers. The standard operator configurations disable signature checking, this means that some Server x BIOS/UEFI versions do not properly authenticate signed code before booting it. “Lenovo internal testing discovered some System x server BIOS/UEFI versions that, […]
Developers of major operating systems and hypervisors misread documentation from Intel and introduced a the CVE-2018-8897 vulnerability into to their products. The development communities of major operating systems and hypervisors misread documentation from Intel and introduced a potentially serious vulnerability to their products. The CERT/CC speculates the root cause of the flaw is the developers […]
Recently, the Advanced Threat Response Team of 360 Core Security Division detected an APT attack exploiting a 0-day vulnerability tracked as CVE-2018-8174. Now the experts published a detailed analysis of the flaw. I Overview Recently, the Advanced Threat Response Team of 360 Core Security Division detected an APT attack exploiting a 0-day vulnerability and captured the worldâs […]