Archive
Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it. Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine. The flaw tracked as
DHS Releases Analysis of ELECTRICFISH Malware
In an attempt to reduce exposure and enable network security, the Department of Homeland Security (DHS) in collaboration with the Federal Bureau of Investigation (FBI) has released a report analyzing a North Korean traffic tunneling tool named ELECTRICFISH. The DHS
Dharma Ransomware Abusing Legitimate Anti-virus Tool to Trick Victims And Infect Their Computers
A new variant of Dharma ransomware masquerading as an ESET AV Remover Installer, to trick the users and to hide its malicious activities. Dharma ransomware was first found in 2016, and it uses the AES-256 encryption, the ransomware primarily targets
What is Deception Technology and Why Virtual Reality will be the Ultimate Weapon Against Cyberattacks
Development with technologies such as Deception Technology has become either a boon for cyber professionals or hackers, and this can go either way thanks to the growth in recent years. ‘Going for the obvious kill’ hacker mentalities are long gone,
New data has discovered that a minute percentage of data breaches closed by the Information Commissioner’s Office (ICO) since the GDPR came into force have resulted in monetary punishments. According to research from personal data security platform Digi.me, of 11,468
Fxmsp is a collective of Russian- and English-speaking hackers, they are primarily targeting on highly protected networks to exfiltrate sensitive details from corporate’s and government entities. The hacking group operating since 2017 and they know for targeting corporate and government
Canadian Freedom Mobile mobile network operator exposed the details of many customers, including their payment card data. Security researchers at vpnMentor discovered an unprotected database containing information belonging to Freedom Mobile customers. Freedom Mobile is the fourth largest mobile network
Hackers are actively exploiting a recently patched critical remote code execution vulnerability in SharePoint Server versions to inject China Chopper web shell which allows hackers to inject and issue various commands. Canadian and Saudi Arabian cybersecurity raised awareness about the
Since December 2015, Alpine Linux Docker images have been shipped with hardcoded credentials, a NULL password for the root user. Security researchers from Cisco revealed that Alpine Linux Docker images distributed via the official Docker Hub portal since December 2015
Despite the arrest of alleged group leaders, the advanced persistent threat (APT) group known as Fin7/Carbanak has reportedly been using GRIFFON malware to target approximately 130 companies, according to Kaspersky Lab. According to a recent investigation conducted by experts at
Blockchain Useful, Not Without Issues, Says ISF
The Information Security Forum (ISF) released its latest briefing paper, Blockchain and Security: Safety in Numbers, which identifies security issues associated with developing and deploying blockchain applications. The organization’s latest briefing paper is intended to aid those involved in blockchain
Websites Continue to Collect PII Data Insecurely
Websites are still collecting personally identifiable information (PII) without decent web security, including using the HTTP protocol, collecting in clear text and on websites with expired or misconfigured certificates. According to the research by RiskIQ across 48,949 active financial services
The winners of the EMEA Information Security Leadership Awards have been announced by (ISC)2. Celebrating the accomplishments of cybersecurity professionals across both the private and public sectors who inspire change within the field of cybersecurity throughout the EMEA region, the
Unpatched Address Bar Spoofing Flaw in UC Browser Exposes 600M Users to Phishing Attacks
An URL bar address spoofing vulnerability with the latest versions of UC Browser and UC Browser Mini exposes millions of users to Phishing Attacks. The vulnerability was discovered by the security researcher Arif Khan, which allows an attacker to pose
Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. SANS expert Renato Marinho uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero
For the second time in a year, systems of the city of Baltimore has been hit by a ransomware attack, forcing officials to shut down a majority of them. The city of Baltimore shut down most of its servers in