New Golang brute-forcer discovered amid rise in e-commerce attacks
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers....
News
Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
On February 23, 2019, Anomali Labs found a suspicious-looking subdomain transportationgovbidsynckelapw containing the legitimate domain transportation.gov for the U.S. Department...
High-Severity SHAREit App Flaws Open Files for the Taking
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism...
Malware Triggers in Outlook Preview Without User Opening Word Document
A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to...
Mozilla fears encryption law could turn its employees into insider threats
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.The Mozilla Corporation,...
Hackers abuse LinkedIn DMs to plant malware
Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware. Researchers at Proofpoint found...
New browser based attack called MarioNet
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers...
Cyber criminals promise millions to skilled professionals
Cyber criminals are willing to pay more than a million dollars a year to skilled information security professionals who are willing to...
New Malspam Campaign Targets WinRAR ACE Flaw to Deliver Malware
Security researchers have discovered a new Malspam campaign exploiting the recently discovered WinRAR ACE flaw to install malware on the...
Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
Executive Summary Since at least 2015, a suspected South Asian threat grouping known as BITTER has been targeting Pakistan and Chinese organizations...
Russian hacker accused of bank cyber-attacks pleads guilty in US court
Russian programmer Stanislav Lisov, extradited to the United States from Spain in 2018, pleaded guilty to conspiring to commit a...
Marriott Reveals They Had My Un-encrypted Passport and Credit Card Information, and Now Hackers Have It
Marriott let me know that the hack of their systems released my unencrypted passport number and unencrypted credit card number....
North Korean hackers could start stealing business secrets
As North Korea tries to rev up its economy, it may shift its hacking efforts from financial thievery to stealing...
Secret Rules of Visa and MasterCard Revealed by Russian Ex-Hacker
Dmitry Artimovich, who on several occasions had been referred to as a "Russian hacker” by the world's largest news publications...
dirty_sock: Linux Privilege Escalation (via snapd)
In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a...
CVE-2019-6340 | Drupal RCE Vulnerability
The remote execution flaw exists because some field types do not properly sanitize data from non-form sources and this can...
CVE-2019-8912 | Use After Free Arbitrary Code Execution Vulnerability for many Linux Kernels
Linux Kernel is prone to an arbitrary code-execution vulnerability.An attacker can exploit this issue to execute arbitrary code in the...
Cybersecurity A Key Challenge for the Automotive Industry
The fundamental challenge of cybersecurity is not new. They have existed as long as computers have been used in sensitive applications in...
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via SMB Vulnerability
Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly...
GitHub Increases Bug Bounty Program Rewards
GitHub revealed on Tuesday that last year it paid out $165,000 to researchers who took part in its public bug...
Kali Linux 2019.1 – Updates…updates….updates
Everyone likes a new Kali update!The big marquee update of this release is the update of Metasploit to version 5.0,...
You have around 20 minutes to contain a Russian APT attack
Governments and private organisations have around 20 minutes to detect and contain a hack from Russian nation-state actors. New statistics...
PrivateVPN Thoughts
PrivateVPN Does PrivateVPN keep any logs? The FAQ is emphatic: "No, we NEVER produce logs of any data traffic. The only things...
Locky ransomware back with a new bag of tricks
Locky ransomware is back, again... It's delivered with the help of new tricks to fool users and anti-malware defences. Delivered...
