News


  • Operating Systems Hit By Major Security Flaw

    May 10, 2018

    Windows, macOS, Linux, VMware, Xen, KVM and others are affected by issues caused by their misinterpretation of chip documentation Most major operating systems are vulnerable to a “serious” security bug caused by developers’ misinterpretation of documentation on debugging features in Intel and AMD chips. The problem is unusual in its scale, affecting Windows, Apple’s macOS, most major ...

  • GandCrab Ransomware Found Hiding on Legitimate Websites

    May 10, 2018

    The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These, when analyzed, were found to be riddled with vulnerabilities stemming from outdated software, highlighting one ...

  • 5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws

    May 10, 2018

    Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, ...

  • IBM bans all removable storage, for all staff, everywhere

    May 10, 2018

    IBM has banned its staff from using removable storage devices. In an advisory to employees, IBM global chief Information security officer Shamla Naidoo said the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” The advisory stated some pockets of IBM have had this policy ...

  • FBI: Cyber-Fraud Losses Rise to Reach $1.4B

    May 8, 2018

    About 301,580 consumers reported cyber-fraud and malware attacks to the FBI’s Internet Crime Complaint Center (IC3) last year – with reported losses exceeding a whopping $1.4 billion. The year’s haul of reports brings the overall total of complaints since the IC3 began recording such things to 4 million. Read more… Source: ThreatPost  

  • Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

    May 8, 2018

    Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet. The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a remote attacker ...

  • UK Manufacturers Top Attack Target For Cyber Crooks

    May 8, 2018

    Manufacturing was the sector most attacked by cyber-criminals in the UK last year, a report from NTT Security has found, mirroring warnings from other agencies including the UK’s National Cyber Security Centre (NCSC) . The firm’s Global Threat Intelligence Report 2018 found that finance was the most targeted sector worldwide, accounting for 26 percent of attacks, including ...

  • First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

    May 7, 2018

    Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10. Read more… Source: The ...

  • Report: Intel Facing New Spectre-Like Security Flaws

    May 4, 2018

    Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges.  The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CPUs have been reported to the manufacturer by many ...

  • GLitch: New ‘Rowhammer’ Attack Can Remotely Hijack Android Phones

    May 3, 2018

    For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely. Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones. Rowhammer is a problem ...

  • A critical security flaw in popular industrial software put power plants at risk

    May 2, 2018

    A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to ...

  • This malware checks your system temperature to sidestep sandboxing

    May 1, 2018

    GravityRAT is a Trojan which checks the temperature of a system to detect the presence of virtual machines (VMs) and prevent efforts at analysis by researchers. By taking thermal readings, the Remote Access Trojan (RAT), which has become a recent menace in India, attempts to find out whether or not VMs are being employed for the ...

  • Millions of Home Fiber Routers Vulnerable to Complete Takeover

    May 1, 2018

    Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories). A comprehensive assessment of various GPON home routers by vpnMentor has ...

  • Volkswagen Cars Open To Remote Hacking, Researchers Warn

    May 1, 2018

    Over the last few years, automakers like Ford, Jeep, Nissan and Toyota have all suffered car-hacking vulnerabilities in their vehicles. Now,  it looks like Volkswagen has been pulled into the mix after researchers discovered that in-vehicle infotainment (IVI) systems in certain Volkswagen-manufactured cars could be remotely hacked. Not only that, but it’s possible to pivot to more critical ...

  • Who leaked the idea of ASD spying on Australians, and why?

    April 30, 2018

    “Secret plan to spy on Aussies,” The Sunday Telegraph headlined the story. “Two powerful government agencies are discussing radical new espionage powers that would see Australia’s cyber spy agency monitor Australian citizens for the first time.” It was a “power grab” detailed in “top secret letters” proposing that the Australian Signals Directorate (ASD) be able to use its cyber ...

  • KRACK Vulnerability Puts Medical Devices At Risk

    April 30, 2018

    A slew of devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in the WPA and WPA2 protocol for securing Wi-Fi that can cause “complete loss of control over data,” ...

  • Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

    April 30, 2018

    Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a ...

  • ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks

    April 27, 2018

    Thailand’s Computer Emergency Response Team (ThaiCERT) has seized a server operated by the North Korea-linked Hidden Cobra APT, which is used to control the global GhostSecret espionage campaign. The campaign is still ongoing. ThaiCERT said in an alert on Wednesday that it is working with McAfee and law enforcement to analyze the control server, which was located at ...

  • Hackers build a ‘Master Key’ that unlocks millions of Hotel rooms

    April 25, 2018

    If you often leave your valuable and expensive stuff like laptop and passports in the hotel rooms, then beware. Your room can be unlocked by not only a malicious staff having access to the master key, but also by an outsider. A critical design vulnerability in a popular and widely used electronic lock system can be ...

  • Tech firms could face new EU regulations over fake news

    April 24, 2018

    EU security commissioner says new regulations may have to be brought in if tech firms fail to tackle issues voluntarily Brussels may threaten social media companies with regulation unless they move urgently to tackle fake news and Cambridge Analytica-style use of personal data before the European elections in 2019. The EU security commissioner, Julian King, said “short-term, ...