Malware Meets Politics With Trump and Clinton Themed Infections

Just as people express their political views through art, malware developers express their political ideologies, hopes, and frustrations through the computer infections they create. While investigating a recent malspam campaign, the Cisco Talos Group noticed that the payload was named Trump.exe. Noticing the politically themed name, Talos began researching other malicious programs that contained political…

Read More

Office 365 to Prevent Malicious Docs From Infecting Windows

Microsoft Office 365 ProPlus is getting a new feature called Application Guard that will allow users to open attachments in a virtualized container to protect Windows from malicious macros and exploits. Microsoft Edge for Windows 10 includes a feature called Windows Defender Application Guard that allows you to launch a browser tab into a special…

Read More

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated…

Read More

Android bug lets hackers plant malware via NFC beaming

All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019. Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam.…

Read More

GandCrab RaaS Was a Training Ground for Malware Distributors

GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals. Instead of keeping the operation private, limited to a small circle of experienced cybercriminals, they opened the doors to newcomers, advertised, built a relationship with customers and affiliates, and communicated with victims and researchers…

Read More

Pwn2Own Hacking Event Expands to Industrial Control Systems

The Pwn2Own hacking competition that will take place in Miami South Beach in January 2020 will also include popular Industrial Control Systems (ICS) protocols and software for the first time. This year, as part of the 2019 contest that took place in Vancouver, ethical hacking teams also had the chance to hack their way into a Tesla Model 3’s Chromium-based infotainment…

Read More

Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords

Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from…

Read More

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it’s American voting machines during the 2016 presidential election or India’s EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to…

Read More

Hacker Breached Servers Belonging to Multiple VPN Providers

Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.  Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked…

Read More

Mozilla Rolls Out Code Injection Attack Protection in Firefox

Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts occurrences. “A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence hardening…

Read More