Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store because it was gathering users’ browser histories and other sensitive data and then upload them to a […]
A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. “Using the vulnerabilities we discovered, it […]
Personal and payment card information of 380,000 British Airways customers were stolen by attackers, stolen data did not include travel or passport details. British Airways was hacked, customer personal and payment card information of 380,000 were stolen by attackers, the stolen data did not include travel or passport details. The company published a data breach notification […]
Security experts from ESET observed a treat actor, tracked as PowerPool, exploiting the recently disclosed Windows zero-day flaw in targeted attacks. The vulnerability was publicly disclosed on August 27 by the security expert “@SandboxEscaper,” the researcher also published the exploit code for the vulnerability. The vulnerability affects Microsoft’s Windows operating systems that could be exploited by a […]
The Iran-linked APT group OilRig was recently observed using a new variant of the OopsIE Trojan that implements news evasion capabilities. Experts at Palo Alto Networks observed a new campaign carried out by the Iran-linked APT group OilRig that was leveraging on a new variant of the OopsIE Trojan. The OilRig hacker group is an Iran-linked APT that has been […]
The MEGA Chrome browser extension had been hacked and replaced with a one that steals users’ credentials for popular web services Are you using the MEGA Chrome browser extension? Uninstall it now because the Chrome extension for MEGA file storage service had been hacked and replaced with a one that steals users’ credentials for popular […]
Researchers at security firm Group-IB have exposed the attacks carried out by the Silence cybercriminal group, providing details on its tactics and tools. Experts at security firm Group-IB have exposed the attacks committed by Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts also have discovered evidence of the group’s activity in more than 25 countries worldwide. Group-IB […]
Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. The group also knows as Cycldek was first spotted in September 2013, it was mainly targeting entities in Southeast Asia using different malware variants mainly PlugX and […]
Security expert discovered that Skype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS) Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb)Steps to reproduce this issue: 1. Open […]
Security researcher discovered that many misconfigured Tor sites using SSL certificated could expose the public IP addresses of underlying servers. Yonathan Klijnsma, a threat researcher at RiskIQ, has discovered that many misconfigured Tor sites using SSL certificated could expose the public IP addresses of underlying servers. Properly configured servers hosting hidden services have to listen only on the localhost (127.0.0.1) […]