Experts at security firm Doctor Web discovered a new botnet of IoT devices leveraging the Linux.ProxyM, that is used by crooks for mass spam mailings. The most popular thingbot since now is the Mirai, but it isn’t the only one targeting Linux-based internet-of-things (IoT) devices. Researchers with security firm Doctor Web discovered a new botnet of […]
The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a […]
The top U.S. markets regulator SEC announced a security breach, accessed data might have been used by crooks for insider trading. The U.S. Securities and Exchange Commission (SEC) announced that cyber criminals had previously breached its database of corporate announcements in 2016 and likely they have used it for insider trading. On Wednesday, the SEC Chairman […]
Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy. Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved. “New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their […]
Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Access Protocol (LDAP) authentication. Joomla implements LDAP access via […]
The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33 group has […]
The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS […]
The security researcher Chris Vickery discovered that Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket. Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket, a gift for hackers. Viacom controls Paramount Pictures, MTV, Comedy Central and Nickelodeon. The huge trove of data store […]
Researchers at the Ben-Gurion University developed a PoC malware dubbed aIR-Jumper that uses security cameras with Infrared capabilities to exfiltrate data. The team of researchers at the Ben-Gurion University of the Negev in Israel composed of Mordechai Guri, Dima Bykhovsky, Yuval Elovici developed a PoC malware that leverages security cameras with Infrared capabilities to steal data. […]
Hackers have exploited security weaknesses in SS7 protocol to break into a GMail account, take control of a bitcoin wallet and steal funds. In June 2016, researchers with Positive Technologies demonstrated that it is possible to hack Facebook accounts by knowing phone numbers by exploiting a flaw in the SS7 protocol. The technique allows bypassing […]