Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network. The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used […]
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. This vulnerability affects all Cisco Webex Meetings Desktop App releases between 33.6.4.15 and 33.8.2.7, with prior versions probably being affected by […]
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser. EdgeSpot claims to have identified several samples in the wild. When one of the PDFs is opened with Chrome, a document […]
Charging stations for electric cars have sprung up across the country in recent years as hybrid vehicles continue to gain popularity. As those stations carry more wattage, their potential effect on local power flows has grown.The trend caught the eye of researchers at a top government cybersecurity lab, who have […]
If anyone reading this works in InfoSec, as I do then you will know that a company’s internal network, once compromised, is now more likely to be ransacked by automated scripts using tools already on the network and white-listed than a piece of malware. This according to researchers with IBM’s X-Force, […]
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers. Recently, attacks have been conducted via skimmer, which is a piece of code that is either directly injected into a hacked site or referenced externally. Its purpose is to watch for […]
On February 23, 2019, Anomali Labs found a suspicious-looking subdomain transportation[.]gov[.]bidsync[.]kela[.]pw containing the legitimate domain transportation.gov for the U.S. Department of Transportation (DOT). When users visit the domain in their web browsers, they are redirected to a phishing site located at <hxxps://transportation[.]gov[.]qq-1[.]pw/V1/> that is designed to appear as a DOT […]
Two high-severity flaws in the SHAREit Android app allow an attacker to bypass the file transfer application’s device authentication mechanism – and ultimately download content and arbitrary files from the victim’s device, along with a raft of data such as Facebook tokens and cookies. TL;DR This blog post is about […]
A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to share. The sample itself is a Word document which is emailed as part of a phishing attack. If the user interacts with the document, it would download a payload to run on […]
Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.The Mozilla Corporation, which is the arm of the Mozilla Foundation that develops and maintains its software, made the striking warnings in a letter to the country’s government last week. The letter, written to […]
Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware. Researchers at Proofpoint found that the malware campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ online payments, such as online shopping portals. In a blog […]
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users’ browsers even after users have closed or navigated away from the web page on which they got infected. This new attack, called MarioNet, opens the door for assembling giant botnets from […]
Cyber criminals are willing to pay more than a million dollars a year to skilled information security professionals who are willing to don a black hat. Skills including network management, penetration testing and programming skills are particularly in demand, reveals digital security company Dark Shadows in a recent report. Research on the […]
Security researchers have discovered a new Malspam campaign exploiting the recently discovered WinRAR ACE flaw to install malware on the computer. Last week security researchers at Checkpoint disclosed a 19-year-old vulnerability in WinRARwhich can be exploited by attackers to execute malicious code on the targeted system. The flaw was a […]
Executive Summary Since at least 2015, a suspected South Asian threat grouping known as BITTER has been targeting Pakistan and Chinese organizations using variants of a previously unreported downloader. We have named this malware family ArtraDownloader based on a PDB string discovered within the samples. We’ve observed three variants of this downloader […]