Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy. The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history. Krause published a detailed analysis on the Open Radar community, he explained that the app just […]
A high-risk security vulnerability discovered more than two years ago has been patched in Linux kernel. The flaw discovered by researchers with Qualys Research Labs affects all Linux distributions that have not fixed their kernels after a commit released on April 14, 2015. Tracked as CVE-2017-1000253, the flaw could be exploited by attackers to escalate privileges. The vulnerability […]
Google disclosed details and a proof-of-concept exploit for iPhone Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. This week Google disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. The flaw that was patched this week could be exploited by attackers to […]
The websites of the CBS’s Showtime was found containing a JavaScript code that allowed someone to secretly mine cryptocurrency in viewers’ web browsers. Over the weekend, the websites of the CBS’s Showtime were found containing a JavaScript code that allowed someone to secretly mine cryptocurrency in viewers’ web browsers. The websites Showtime.com and iShowtimeAnytime.com silently […]
Hackers can steal macOS keychain passwords using unsigned applications, it works on the latest version of macOS, High Sierra 10.13, and previous releases. The cyber security expert Patrick Wardle, director of research at Synack, revealed that unsigned applications can steal macOS Keychain passwords from the latest version of macOS High Sierra and previous versions of macOS. The researchers tested the […]
Evidence that Russian hackers attempted to interfere with the 2016 US Election continues to pile up, DHS notified states whose systems were hit by APTs. Evidence that Russia attempted to interfere with the 2016 US Election continues to pile up. Rumours started almost as soon as the 2016 US Election was completed, individuals with the White House have […]
The Adobe product security incident response team (PSIRT) accidentally published a private PGP key on its blog, once discovered the issue it quickly revoked it. On Friday, the Adobe PSIRT updated its Pretty Good Privacy (PGP) key and published the new public key on the blog post. The new key should have been valid until September […]
United Cyber Caliphate members stopped trying to develop their own hacking and communication tools and used to search them into the criminal underground. According to Kyle Wilhoit, a senior security researcher at DomainTools, who made a speech at the DerbyCon hacking conference in US, ISIS members stopped trying to develop their own hacking and communication […]
Researchers spotted a new widespread ransomware campaign leveraging emails with malicious attachments using Herbalife branded messages. Researchers at security firm Barracuda have spotted a new widespread ransomware campaign leveraging emails with malicious attachments, some of them pretend to be sent by the l multi-level marketing nutrition company Herbalife. More than 20 million Herbalife branded emails were sent in a 24 hour […]
Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of malware developers. Investigations on WannaCry, for […]