Category Archives: Cybersecurity News

On Wednesday, July 17, 2019, the Kazakhstan government started intercepting internet traffic within its borders. The government further instructed all the ISPs to force their users to install a government-issued root certificate by Quaznet Trust N… Continue reading Kazakhstan government intercepts nationwide HTTPS traffic to re-encrypt with a govt-issued root certificate – Cyber-security or Cyber-surveillance?→

Europe’s satellite navigation system, Galileo, is suffering a major outage since July 11, nearing 100 hours of downtime, due to a “technical incident related to its ground infrastructure”, according to the European GNSS (Global Naviga… Continue reading EU’s satellite navigation system, Galileo, suffers major outage; nears 100 hours of downtime→

After the recent disclosure of the vulnerability in Mac’s Zoom Client, Apple was quick to patch the vulnerable component. On July 9, the same day when security researcher, Jonathan Leitschuh revealed the vulnerability publicly, Apple released a p… Continue reading Apple patched vulnerability in Mac’s Zoom Client; plans to address ‘video on by default’→

Yesterday, the Microsoft Defender Advanced Threat Protection (ATP) Research Team shared details of a fileless malware campaign through which attackers were dropping Astaroth Trojan into the memory of infected computers. We recently unearthed a campaign… Continue reading Microsoft Defender ATP detects Astaroth Trojan, a fileless, info-stealing backdoor→

A vulnerability in Mac’s Zoom Client allows any malicious website to initiate users’ camera and forcibly join a Zoom call without their authority. This vulnerability was publicly disclosed by security researcher, Jonathan Leitschuh, today. … Continue reading A zero-day vulnerability on Mac Zoom Client allows hackers to enable users’ camera, leaving 750k companies exposed→

Last week, a developer Tute Costa notified Ruby users that the strong_password v0.0.7 rubygem has been hijacked. The malicious actor published v0.0.7 containing the malicious code, which enabled the attacker to execute remote code in production. As of … Continue reading RubyGems strong_password v0.0.7 hijacked; infected thread and attacker account isolated for now→

Security researchers, Noam Rotem and Ran Locar, from vpnMentor recently revealed in their report, that a Shenzhen-based Chinese IoT management platform company, Orvibo exposed its user database online without any password protection. The Elasticsearch … Continue reading Unprotected Elasticsearch database exposes 2 billion user records from smart home devices→

Last week, an appellate court in San Francisco ruled against Facebook’s appeal to block a class-lawsuit over a massive data breach it witnessed last year. This data breach impacted nearly 30 million Facebook users. On September 25th last year, Fa… Continue reading Facebook fails to fend off a lawsuit over data breach of nearly 30 million users→