October 19, 2017
Via: Threat PostA post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus […]
October 17, 2017
Via: SecurelistKaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details required for a fix. On October 10, 2017, […]
September 26, 2017
Via: Security WeekNewly observed Retefe banking Trojan samples have implemented the National Security Agency-related EternalBlue exploit, Proofpoint security researchers have discovered. Unlike previous malware attacks that exploited EternalBlue, however, the new campaign doesn’t abuse it to spread in an infinite loop. In […]
September 20, 2017
Via: Security WeekA cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea. The threat actor, tracked by FireEye as APT33, is believed to […]
September 14, 2017
Via: Security IntelligenceThe IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed […]
April 17, 2017
Via: Help Net SecurityMicrosoft has patched the vulnerabilities that allowed nine of the exploits released by the Shadow Brokers on Friday to work, and said that of the three remaining exploits, none will work on supported platforms (Windows 7 and newer versions of […]
April 10, 2017
Via: Help Net SecurityIf there is a technology or security measure that can help organizations protect their assets from attackers or malware, you can be sure that attackers will try to find a way to bypass it. And, with the increase of number […]
November 18, 2016
Via: Symantec ConnectA newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions […]
Access control, Vulnerabilities
July 28, 2016
Via: CSO OnlineEven password manager LastPass can be fooled. A Google security researcher has found a way to remotely hijack the software. It works by first luring the user to a malicious site. The site will then exploit a flaw in a […]
July 18, 2016
Via: Security AffairsThe Ubuntu online forums have been hacked for the second time in a few months and data of more than 2 Million users have been exposed. According to Ubuntu, the hackers exposed users’ data including usernames, email addresses, and IP […]
July 5, 2016
Via: Security WeekA researcher has discovered a zero-day firmware vulnerability that can be exploited by malicious hackers to disable security features on Lenovo, HP and likely other PCs. Researcher Dmytro Oleksiuk revealed last week that he had identified a privilege escalation vulnerability […]
June 17, 2016
Via: SecurelistEarlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit (CVE-2016-1010). Earlier this month, our […]
June 14, 2016
Via: Help Net SecurityImperva researchers discovered a long-running and still active illegal attack that has been exploiting vulnerabilities in thousands of legitimate websites to increase SEO results for illicit websites. One of the largest influencers of SEO page rank is how many other […]
Threats & Malware, Virus & Malware
April 26, 2016
Via: Help Net SecurityRansomware hitting mobile devices is not nearly as widespread as that which targets computers, but Blue Coat researchers have discovered something even less common: mobile ransomware delivered via exploit kit. The ransomware in question calls itself Cyber.Police (the researchers have […]
Access control, Network security
January 11, 2016
Via: CIOAfter scrutinizing the two operating systems that run its networking and security products, Juniper Networks gives them both a clean bill of health, but it plans to replace a part of one that was exploited by unknown parties to undermine […]
October 14, 2015
Via: hackerResearchers at Trustwave spotted a zero-day #exploit in the Magmi plugin for the #magento e-commerce platform that can be used by an attacker to access #credentials and potentially gain complete control of the a user’s Magento database. The vulnerability exists […]
September 6, 2015
Via: hackerContent Management systems (CMS) have become an attractive target for #hackers who aim to #exploit #vulnerabilities in the popular blogging platform #wordpress. Globally, more than 20 percent of WordPress based-websites are running older core versions. #outdated WordPress plugins are also […]
August 17, 2015
Via: hackerRecently, an international hacking ring was discovered to have stolen more than $100 million. The sophisticated plan demonstrated ingenuity on the part of the attackers. They exploited a core vulnerability of the financial system in one of the digital age’s […]
August 5, 2015
Via: malwareHackers have been taking advantage of a serious zero-day vulnerability in the latest version of Apple’s OS X (Yosemite), allowing them to install malware and adware on Macs without the need of a password or administrative privileges. Malwarebytes reported yesterday […]
July 31, 2015
Via: hackerUpdate 7/30/2015 3:00pm EST: GM tells WIRED that it has now fixed the vulnerability that Kamkar’s proof-of-concept device exploited, with no action necessary for OnStar users. Kamkar says the problem is not yet resolved, however, and has been told by […]