The popular Steam game client for Windows has a zero-day privilege escalation vulnerability that can allow an attacker with limited permissions to run a program as an administrator
The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.
Both Microsoft and Red Hat have released advisories about a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.
Misconfigured Jira servers from big names in the tech industry exposed information about internal projects and users that could be accessed by anyone with a good command of advanced search operators.
Security researchers have uncovered a new DealPly variant which uses a new method to avoid detection by abusing the reputation services provided by Microsoft's SmartScreen and McAfee's WebAdvisor.
Google is planning to add a new security feature to the Chrome web browser designed to block potential attackers from launching side-channel attacks and tracking a user's activity by abusing the browser's HTTP cache.
After installing Google Chrome 76, if you feel like something is missing from the address bar you would be correct. This is because Google has decided to once again hide, or elide, the "www" subdomain and also "https://" from the address of the web site you are visiting.
An iMessage vulnerability patched by Apple as part of the 12.4 iOS update allows potential attackers to read contents of files stored on iOS devices remotely with no user interaction, as user mobile with no sandbox.
A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
Almost a dozen serious vulnerabilities have been sitting for the past 13 years in the VxWorks real-time operating system (RTOS) used to power mission-critical embedded devices.
The frequency of business email compromise (BEC) scams has increased year over year and so did the value of attempted thefts, reaching a monthly average of more than $300 million.
In an FBI Flash Alert, the FBI has released the master decryption keys for the GandCrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.
The data breach monitoring service Haveibeenpwned.com has added a database dump of almost 101 million Evite users who had their information exposed when attackers gained unauthorized access to their servers.
A ransomware attack at New York City's Monroe College has shut down the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia.
Twitter is down after experiencing a worldwide outage caused by service disruption issues, with people from all over the world currently unable to access the social networking platform.
The Pale Moon web browser team announced today that their Windows archive servers were breached and the hackers infected all archived installers of Pale Moon 27.6.2 and below with a malware dropper on December 27, 2017.
A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.
Phishing scammers are coming up with more innovative methods to convince their targets to provide login credentials. Such is the case with a new OneNote Audio Note phishing campaign that is currently underway.
The Maryland Department of Labor (Maryland DoL) published a press release today explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party.
A Lua-based backdoor malware capable of targeting both Linux and Windows users while securing its communication channels via DNS over HTTPS (DoH) was discovered by researchers at Network Security Research Lab of Qihoo 360.
Google is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th.
Security researchers discovered vulnerabilities in the gaming platform from Electronic Arts (EA) that could have allowed an attacker to take over the accounts of as many as 300 million users.
In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending its users' shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big …
A retrospective look at the phishing trends from the first quarter of 2019 shows a steep jump in the use of Microsoft's OneDrive file sharing service to host malicious files.
Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest …
While this precaution is not a complete solution against hardware attacks, it does make it harder for an attacker to achieve success.
A denial of service flaw found in the way recent Linux and FreeBSD kernels handle TCP networking can be exploited by remote attackers to trigger a kernel panic in vulnerable systems.
Are there alternatives to VPNs that provide better security and anonymity for users, and more visibility and control for IT when and where needed? While the answer depends mostly on your organization's needs, five solutions deliver where traditional VPNs fall short.
Security researchers have discovered an ongoing cryptojacking campaign which infects unpatched computers of businesses from all over the world with XMRig Monero miners using Equation group's leaked exploit toolkit.
Yubico issued a security advisory saying that an issue impacting YubiKey FIPS Series devices (versions 4.4.2 and 4.4.4) reduces the strength of generated RSA keys and ECDSA signatures after power-up.
Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.
The personal information of more than 1.6 million potential and existing University of Chicago Medicine donors was exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password.
A misconfigured and publicly accessible ElasticSearch cluster owned by FMC Consulting, a Chinese headhunting company, leaked millions of resumes and company records, as well as customer and employee PII data.
The open source DuckDuckGo Privacy Browser for Android version 5.26.0 with more than 5 million installs makes it possible for potential attackers to launch URL spoofing attacks targeting the app's users by exploiting an address bar spoofing vulnerability.
All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.
Mozilla is rebranding their LockBox password management service as Lockwise and getting ready to start a trial for the desktop versions of Firefox.
Germany's Interior Minister Horst Seehofer purportedly wants to force messaging providers such as WhatsApp, Telegram, and Threema to provide plain text chats to law enforcement agencies on a court order, as reported by Der Spiegel and a number of other German news outlets.
Proof-of-concept code has been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) that allows a hacker to execute arbitrary code without user interaction.
Although web skimming attacks are rampant these days, the underground market for physical card skimming devices is thriving and changing at the rate of technological advancements.
Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
Over 12,000 unsecured MongoDB databases have been deleted over the last three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored.
TeamViewer confirmed today that it has been the victim of a cyber attack which was discovered during the autumn of 2016, but was never disclosed. This attack is thought to be of Chinese origins and utilized the Winnti backdoor.
Hackers compromised the script used by Best of the Web to display their trust seal on their customers' websites and to add two key logging scripts designed to sniff keystrokes from visitors.
Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard.
Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting.
It has been discovered that Google is hiding three Google Pay privacy settings unless you access the service's Settings screen through a special URL. These settings allow you to restrict whether Google Pay shares your creditworthiness, personal information, or Google Pay account …
A report last week about the Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated statements from the alleged victims that are disputed by the firm that sounded the alarm.