First UEFI malware discovered in wild is laptop security software hijacked by Russians
ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive…
GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities…
Telegram CVE-2018-17780 flaw causes the leak of IP addresses when initiating calls
CVE-2018-17780 – Security researcher Dhiraj Mishra discovered that Telegram default configuration would expose a user’s IP address when making a call. Strangely tdesktop 1.3.14 and Telegram for windows (3.3.0.0 WP8.1) leaks end-user private and public IP address while making calls. Telegram is supposedly a secure messaging application, but it forces…
Port of San Diego hit by a cyber attack a few days after the attack on the Port of Barcelona
Port of San Diego suffered a ransomware-based attack, a few days after the Port of Barcelona was hit by a cyber attack that caused several problems. A few days ago the Port of Barcelona was hit by a cyber attack that caused several problems to the critical…
CVE-2018-1718 -Google Project Zero reports a new Linux Kernel flaw
Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version…
New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which…
oPatch community released micro patches for Microsoft JET Database Zero-Day
0patch community released an unofficial patch for the Microsoft JET Database Engine zero-day vulnerability disclosed by Trend Micro’s Zero Day Initiative Experts from 0patch, a community of experts that aims at addressing software flaws, released an unofficial patch for the Microsoft JET Database Engine zero-day vulnerability that Trend…
SHEIN Data breach affected 6.42 million users
Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 million customers. The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach. SHEIN is now notifying affected users…
White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day
The popular macOS expert and former NSA hacker has discovered a zero-day vulnerability in macOS on Mojave ‘s release day. It is always Patrick Wardle, this time the popular expert and former NSA hacker has found a zero-day flaw in macOS on Mojave ‘s release…
Critical flaw affects Cisco Video Surveillance Manager
Cisco has patched a critical vulnerability in the Cisco Video Surveillance Manager (VSM) could be exploited by an unauthenticated remote attacker to gain root access. Cisco has fixed a critical vulnerability in the Cisco Video Surveillance Manager software running on some Connected Safety and Security…
Stay connected