Collaborate Disseminate
A new cryptocurrency miner has been detected infecting servers worldwide. The miner, dubbed MassMiner, is exploiting several known vulnerabilities in its malicious campaigns: An Oracle WebLogic flaw known as CVE-2017-10271 A Windows SMB flaw known as C… Continue reading MassMiner Malware Campaign Uses Major Exploits against Servers
Two magnetic tapes containing transaction details for 12 million accounts that belong to Australia’s Commonwealth Bank are missing. This incident is perhaps the largest data loss in Australia. Curiously, the incident stayed under the radar for tw… Continue reading Australia’s Commonwealth Bank Lost Financial Data of 12 Million Accounts
Check Point researchers recently took the time to review the Linux kernel, and more specifically they looked into drivers trying to roll their own usage of the mmap() function. How Was CVE-2018-8781 Discovered? The idea of re-implementing kernel functi… Continue reading CVE-2018-8781: 8-Year-Old Linux Kernel Bug Discovered
Facebook has been widely accused of being negligent and abusive in terms of the privacy of its users. However, it is not the only social network that has been caught at the crime scene. Apparently, Twitter has recently confirmed to…Read more
The post… Continue reading Twitter Gave Access to Researcher Related to Cambridge Analytica
Security researchers at Kromtech recently came across a MongoDB database that contained the personal details of more than 25,000 users who invested in the Bezop (BEZ) token. The database contained plenty of personal details including full names, home a… Continue reading Details of 25,000 Bezop Token Users Exposed by MongoDB Database
Security researchers just discovered a new phishing attack that is responsible for the distribution of over 550 million emails since Q1 2018. The campaign was first detected in the beginning of January when it was observed targeting users on a…Read m… Continue reading Campaign Delivers Over 550 Million Phishing Emails in Q1 of 2018
The world’s biggest DDoS-for-hire service, Webstresser.org, is now down thanks to a coordinated international operation. The DDoS provider was shut down on Wednesday after a thorough investigation carried out by UK’s National Crime Agency a… Continue reading Largest DDoS-for-Hire Service Taken Down, Attack Price Was $14.99
Drupalgeddon continues with one more remote code execution bug has been discovered in content management system. Identified as CVE-2018-7602, the highly critical vulnerability affects Drupal versions 7.x and 8.x. Affected users should immediately upgra… Continue reading CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild
Cryptomining malware has dethroned ransomware as the number one cyber threat, and as such, it is evolving rapidly. That being said, a Python-based Monero miner using stolen NSA exploits and disabling security features has been discovered by security re… Continue reading PyRoMine Utilizes EternalBlue Exploit, Disables Security Features
Security researchers at AdGuard recently revealed some interesting findings regarding the use of fake ad block extensions. There is evidence that some twenty million Chrome users have been tricked into downloading and installing rogue browser extension… Continue reading 20 Million Google Chrome Users Downloaded Fake Ad Block Extensions