Collaborate Disseminate
Researchers have found sophisticated Android mobile surveillance programs created by cyberespionage groups on Google’s official Play store. Such malware is generally distributed in targeted attacks by tricking victims into downloading and instal… Continue reading Mobile Surveillance Malware Found on Google Play
A highly critical vulnerability patched in the popular Drupal content management system two weeks ago is seeing a wave of exploits, some of which install cryptocurrency mining malware on servers. The vulnerability tracked as CVE-2018-7600 but also dub… Continue reading Hackers Exploit Drupal Vulnerability to Install Cryptocurrency Miners
New research shows that many Android devices are missing some security patches despite displaying patch levels that should include them. That said, implementing remote code execution attacks that can compromise Android devices without user interaction… Continue reading Many Android Devices Miss Patches But Are Still Hard to Hack
Microsoft’s April security updates include fixes for 66 vulnerabilities in Windows components, the Edge and Internet Explorer browsers, the Office suite, the Hyper-V hypervisor, Visual Studio and even a wireless keyboard. Of the 66 flaws, 22 are… Continue reading Microsoft Fixes 66 Vulnerabilities Across Its Products
Malicious Microsoft Word documents sent via email are a hacker favorite when it comes to infecting computers, but researchers have recently observed an attack campaign that uses first-stage docs without any active malicious code. Instead of using macr… Continue reading New Document Attack Exploits Design Behavior Rather than Macros
Developers of the popular Spring framework for developing Java web applications patched three vulnerabilities this past week, including a critical one that could be exploited for remote code execution. The most serious flaw is located in the spring-me… Continue reading Serious Flaws Endanger Apps Built with Spring Framework
The misuse of code signing certificates is so widespread that a larger percentage of malware downloaded to computers is digitally signed than that of benign software programs. Antivirus company Trend Micro studied 3 million software downloads on hundr… Continue reading Large Percentage of Malware Downloads Are Signed with Valid Certificates
Intel does not plan to release microcode updates for older generations of processors that are affected by the Spectre vulnerability, either because patching is not practical and for other reasons. The company released a microcode revision guidance doc… Continue reading Intel Won’t Patch Spectre on All CPUs
Cloudflare has just launched a new public Domain Name System (DNS) resolver with support for DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH), two new standards that aim to protect users’ queries from man-in-the-middle interference. The DNS service i… Continue reading Cloudflare Launches Public DNS Service with Encryption Capabilities
Microsoft has released an out-of-band patch for Windows 7 and Server 2008 systems to fix a recently identified vulnerability that allows attackers or malware to take full control of computers. The flaw (CVE-2018-1038) was introduced in January along w… Continue reading Microsoft Issues Emergency Patch for Recently Found Kernel Vulnerability