Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […]
Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player The Lord Exploit Kit was first detected by Adrian Luca, […]
A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]
The FBI published a security advisory to warn of cyber actors using online dating sites to conduct confidence/romance scam and recruit money mules. The FBI published a security advisory to warn of confidence/romance scams turning victims into money mules. The advisory explains that victims are used as part of a money-laundering scheme and act as […]
CafePress, the popular T-Shirt and merchandise website, suffered a data breach that exposed the personal details of 23 million of their customers. CafePress, the popular T-Shirt and merchandise website, disclosed a data breach that exposed the personal details of 23 million of their customers. The news was publicly reported by the data breach notification service […]
The experts at Yoroi-Cybaze ZLab discovered a new wave of attacks linked to the cyber espionage campaign tracked as Roma225. Introduction Few months ago we started observing a cyber operation aiming to attack private companies in various business sectors, from automotive to luxury, education, and media/marketing. The attack attribution is still unclear but the large scale of […]
Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […]
The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]
StockX, the live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, announced a data breach. StockX is a live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, the company announced that the sneaker and streetwear buying platform had been hacked. An unauthorized user was able to access customer data, […]
Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume. The messages have the subject “Ihr Stellenangebot – Bewerbung [Your job offer – […]