Collaborate Disseminate
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. ES… Continue reading Hackers Replace MEGA Chrome Extension with Trojanized Version
Security researchers warn that there are almost 4,000 3D printers whose web-based management interfaces are exposed to the internet without authentication. The management interfaces allow attackers to download G-code project files, which define the 3D… Continue reading Thousands of 3D Printers Exposed to Attacks
Over the past six months, a group of hackers has managed to break into more than 7,000 Magento-based online shops and infected them with malicious code that steals payment card information from customers. According to security consultant Willem de Gro… Continue reading Thousands of Magento Sites Infected with Card Skimming Code
While Microsoft is still working on fixing a recently disclosed privilege escalation vulnerability in Windows, security firm ACROS Security has stepped in to provide a temporary patch for the flaw. The unofficial fix is available through 0patch.com, a… Continue reading Unofficial Patch Available for Latest Windows Zero-Day Exploit
Air Canada is forcing all users of its Mobile+ app to change their passwords after hackers managed to access the profile information, including names, email addresses, birth dates and passport details of some customers. The company detected unusual lo… Continue reading Air Canada Resets Customer Passwords After Hackers Access Data
A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter and then deleted the… Continue reading Someone Dropped a Windows Zero-Day Exploit on GitHub
Researchers have found a malware program based on Mirai that has binaries for many platforms and CPU architectures, allowing it to run even on Linux servers or Android phones. The difficulty of compiling malware that works out of the box on the large … Continue reading Mirai IoT Malware Variant Abuses Linux Cross-Compilation Framework
The Apache Struts web development framework has received new security updates to address a critical vulnerability that could allow attackers to compromise web applications and servers. Apache Struts is widely used for developing web applications in en… Continue reading Critical Vulnerability Patched in Apache Struts
Microsoft has released patches for Windows 10 and Windows Server 2016 that update the microcode for some Intel microprocessors to address CPU vulnerabilities, including the recently announced Foreshadow flaws. Foreshadow, or L1 Terminal Fault (L1TF), … Continue reading Microsoft Pushes Microcode Updates for Foreshadow CPU Flaws
The Necurs botnet has been observed pushing an unusual malware campaign that almost exclusively targets users and employees within the financial sector. Necurs is one of the largest and longest-lived botnet that’s still in operation today. Over t… Continue reading Necurs Botnet Launches Campaign Against Banks