Alert! Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious…

Read More

Understanding the security risks of Remote Desktop Protocol over the internet

RDP, if not properly configured and secured, can act as a gateway within an organization for cybercriminals to access sensitive internal resources. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways. Today, it is very common for businesses to use RDP as a method to access…

Read More

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are…

Read More

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB…

Read More

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from…

Read More

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses. A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene. According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to…

Read More

DHS Warns of Critical Flaws in Medtronic Medical Devices

Critical vulnerabilities impacting Medtronic Valleylab products could allow attackers to overwrite files and achieve remote code execution, the Department of Homeland Security (DHS) warns.

Read More

Understanding the Ripple Effect: Large Enterprise Data Breaches Threaten Everyone

Fallout from giants at the top is one of the largest drivers of cyber-impacts on everyday people and companies. Big businesses are constantly under attack, and that affects everyone from customers and business partners to parties with national security interests. When successful, the initial compromise is only a means to an end — the real…

Read More

Using Light Beams to Control Google, Apple, Amazon Assistants

Academic researchers found that certain microphones convert light to sound, allowing voice commands to be sent to voice-controlled (VC) devices like Google Home, Amazon Echo, Facebook Portal, smartphones, or tablets. Dubbed Light Commands, the attack works from afar by shining a laser beam at microphones that use micro-electro-mechanical systems (MEMS), which convert the light into…

Read More

¡Alerta! BlueKeep explotado activamente en RDP vulnerables.

Investigadores de ciberseguridad han descubierto un nuevo ataque que se cree que es el primer intento de explotar atctivamente la infame vulnerabilidad BlueKeep RDP, para comprometer en masa los sistemas vulnerables y permitir minería de criptomonedas. En mayo de este año, Microsoft lanzó un parche para un error de ejecución de código remoto altamente crítico, denominado…

Read More