Collaborate Disseminate
Stolen or brute-forced remote desktop protocol (RDP) credentials have played a central role in many data breaches over the years and cybercriminals have made a business out of selling them on the underground market. For as little as $3, hackers can bu… Continue reading Dark Market Shop Sells RDP Access to Airport System for $10
Microsoft fixed 54 vulnerabilities across its products July 10 as part of its monthly patch cycle. Seventeen of those flaws are rated critical and three of them have been publicly disclosed before the patches were released. In terms of impact, nearly … Continue reading Microsoft Fixes 54 Vulnerabilities on July’s Patch Tuesday
A cyberespionage group has stolen code-signing certificates from D-Link and another Taiwanese technology company and used them to sign a backdoor program. BlackTech is a group of attackers known for targeting organizations from East Asia, particularly… Continue reading Cyberespionage Group Steals Certificates to Sign Malware
The Gentoo Linux project has finished investigating the hacking last week of its GitHub-hosted package repository, an incident that resulted in attackers distributing malicious code to users. The point of entry turned out to be a weak admin password t… Continue reading Gentoo Repository Compromised Due to Weak Admin Password
After abusing Microsoft Office macros, Dynamic Data Exchange (DDE) and Object Linking and Embedding (OLE), attackers have found a new document feature they can leverage to execute malicious code on computers. The new attack vector was first documented… Continue reading Attackers Test New Document Attack Vector That Slips Past Office Defenses
A new attack that uses documents with malicious macros modifies legitimate application shortcut files from the Windows desktop to trick users into executing a backdoor program. The poisoned documents distributing this threat were observed recently by … Continue reading Macros-based Attack Deploys Malware by Hijacking Desktop Shortcuts
The Long-Term Evolution (LTE) mobile communications standard, also known as 4G, has much better security than its predecessor, the GSM, but is far from perfect. A team of researchers has demonstrated new techniques that allow hackers to launch both pa… Continue reading LTE Mobile Standard Weakness Allows DNS Spoofing, Website Fingerprinting
A team of researchers from several universities and private companies has developed a new attack that breaks a fundamental security layer in Android and affects the majority of mobile devices released over the past six years. Dubbed Rampage, the attac… Continue reading Major Attack ‘Rampage’ Puts Android Devices at Risk
WPA3, the new iteration of the Wireless Protected Access (WPA) standard announced earlier this year, has now been added to the Wi-Fi Alliance’s Wi-Fi certification program. This is a major step toward its adoption because wireless device manufac… Continue reading Wireless Security: The Next Step, WPA3, Is Ready for Prime Time