Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. The Indian security researcher Narendra Shinde has discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions, including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X project provides an open source implementation of the X Window […]
Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol. Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs), about how crooks could abuse blockchain […]
The media outlet The Verge obtained a copy of a contract between Google and OEMs that obliges them to two years of security updates for popular phones. Google continues the battle for securing devices of its users, this time making mandatory for device makers two years of Android security updates. One of the main problems with […]
Researchers discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442, in Cisco Webex Meetings Desktop. It’s time to patch again the Cisco Webex video conferencing software of your organization to avoid ugly surprise. Researchers Ron Bowes and Jeff McJunkin of Counter Hack discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442, in Cisco Webex Meetings Desktop. The vulnerability […]
Cathay Pacific Airways Limited, the flag carrier of Hong Kong, had suffered a major data leak affecting up to 9.4 million passengers. Cathay Pacific Airways Limited, the flag carrier of Hong Kong, admitted having suffered a major data leak affecting up to 9.4 million passengers. Exposed data includes passport numbers, identity card numbers, email addresses, and […]
Magecart cybercrime gang made the headlines again, the cyber criminal gang is now targeting vulnerable Magento Extensions. Magecart cybercrime gang switches tactic, it is now targeting vulnerable Magento extensions. instead of compromising large websites or third-party services to steal credit card data. In previous campaigns, attackers customize the attack for each victim tailoring the code for each target site according […]
The security researcher SandboxEscaper has released the proof-of-concept exploit code for a new Windows zero-day, Windows users are now exposed to attacks. The security researcher using the Twitter handle @SandboxEscaper is back and has released the proof-of-concept exploit code for a new Windows zero-day vulnerability. At the end of August, the same researcher disclosed the details of zero-day privilege escalation vulnerability […]
Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. Security experts from Sophos Labs have spotted a new piece of Linux malware tracked as Chalubo (ChaCha-Lua-bot) that is targeting IoT devices in an attempt to recruit them into […]
Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. In December 2017, experts from FireEye discovered a new strain of malware dubbed Triton that was specifically designed to target industrial control systems (ICS). The Triton malware has been used in attacks aimed at a critical […]
The reverse engineer researcher Nathaniel Suchy discovered that Signal Desktop application leaves message decryption key in plain text exposing them to an attacker. Signal Desktop application leaves message decryption key in plain text potentially exposing them to an attacker. The issue was discovered by the reverse engineer researcher Nathaniel Suchy The flaw affects the process implemented by the Signal Desktop […]