Alert! Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious…

Read More

Understanding the security risks of Remote Desktop Protocol over the internet

RDP, if not properly configured and secured, can act as a gateway within an organization for cybercriminals to access sensitive internal resources. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways. Today, it is very common for businesses to use RDP as a method to access…

Read More

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are…

Read More

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from…

Read More

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to…

Read More

DHS Warns of Critical Flaws in Medtronic Medical Devices

Critical vulnerabilities impacting Medtronic Valleylab products could allow attackers to overwrite files and achieve remote code execution, the Department of Homeland Security (DHS) warns.

Read More

¡Alerta! BlueKeep explotado activamente en RDP vulnerables.

Investigadores de ciberseguridad han descubierto un nuevo ataque que se cree que es el primer intento de explotar atctivamente la infame vulnerabilidad BlueKeep RDP, para comprometer en masa los sistemas vulnerables y permitir minería de criptomonedas. En mayo de este año, Microsoft lanzó un parche para un error de ejecución de código remoto altamente crítico, denominado…

Read More

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated…

Read More

Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords

Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from…

Read More

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it’s American voting machines during the 2016 presidential election or India’s EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to…

Read More