Cisco revealed that security patches released in January to address flaws in Small Business RV320 and RV325 routers were incomplete. Cisco revealed that security updates released in January to address vulnerabilities in Small Business RV320 and RV325 routers were not complete. The tech giant also confirmed that the flaws have been exploited in attacks in […]
Commando VM — Turn Your Windows Computer Into A Hacking Machine FireEye released Commando VM, a Windows-based security distribution designed for penetration testers that intend to use the Microsoft OS. FireEye released Commando VM, the Windows-based security distribution designed for penetration testing and red teaming. FireEye today released an automated installer called Commando VM (Complete Mandiant Offensive […]
There is an important news for administrators of e-commerce websites running over the Magento platform, Magento fixed a critical SQL injection flaw. Administrators of Magento e-commerce websites have to update their installations due to the presence of a critical SQL injection vulnerability in the popular CMS. The flaw could have a significant impact considering that […]
Google security developer Matthew Garrett disclosed a zero-day arbitrary code execution (ACE) vulnerability affecting the TP-Link SR20 routers. Google security developer Matthew Garrett discovered a zero-day arbitrary code execution (ACE) vulnerability in TP-Link SR20 routers. The vulnerability in TP-Link SR20 routers could be exploited by potential attackers on the same network to execute arbitrary commands. […]
The recently patched vulnerability affecting the popular archiver utility WinRAR has been exploited to deliver new malware to targeted users. A recently patched vulnerability affecting the popular archiver utility WinRAR it becoming a commodity in the cybercrime underground, experts reported it has been exploited to deliver new malware in targeted attacks. The vulnerability, tracked as […]
North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […]
ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced to have released a fix for the Live Update utility that was exploited by threat actors behind the Operation ShadowHammer to deliver malware to hundreds of users. The Operation ShadowHammer took […]
Operation SaboTor – A coordinated operation conducted by law enforcement agencies from Europe, Canada, and the United States targeted vendors and buyers of illegal goods on dark web marketplaces. The international operations, dubbed operation SaboTor, involved 17 countries, notably Germany, the Netherlands, Austria, and Portugal. “During the course of this operation, international law enforcement agencies […]
The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. The campaign was discovered in early March 2019, threat actors behind the LUCKY ELEPHANT campaign […]
Microsoft experts discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. Microsoft researchers discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei, both flaws were classified as “high severity.” The experts discovered the flaws because the kernel sensors in Microsoft Defender Advanced Threat Protection (ATP) detected an […]