A series of targeted phishing attacks from an unknown APT group is characterized by the use of fileless malware embedded in the Windows Error Reporting system process. You have Windows error An unknown APT group attacks victims with the help…
Google Project Zero specialists detected a zero-day problem in the Windows kernel (CVE-2020-17087). It is reported that this bug can be used by local access attacker for privilege escalation and sandbox escape. Worse, it is already used in targeted attacks….
Often, users who have a website, want to share this information with the world through a video. However, not everyone has the ability to create such a video – either they lack the skills or the money to assign it…
According to Izvestia, specialists in hacker circles are creating their own analogue of the ECSD (a single data center, where the records of the Moscow video surveillance system get). However, their system is not limited to the city video surveillance…
Scientists have created a program that can continuously recognize live human speech with high accuracy faster than people can. The percentage of errors in the new algorithm is lower than in humans. Speech recognition has so far been the Achilles’…
Rapid7 analysts and independent IS expert Rafay Baloch detected that seven popular mobile browsers allow malicious sites to change their URLs and show spoofing in the address bar. In fact, the problem of spoofing the address bar is as big…
Generating a preview of the links sent by messengers for mobile devices, including Facebook, Instagram and others, can be a risk for users and servers. Remote Start and Leak-IP Addresses In a variety of applications for iOS and Android, equipped…
Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as…
Microsoft will block installation of incorrect third-party drivers for Windows 10 and Windows Server users. According to the plan, this will save you from unnecessary compatibility problems and unexpected bugs. “When installing drivers created by third-party companies, users may see…
The researchers modified the firmware of XR11 so that the microphone could be turned on remotely. Guardicore found a number of vulnerabilities in the XR11 remote control for Xfinity subscribers (a subsidiary of U.S. telecommunications corporation Comcast). According to them,…
Malwarebytes experts have discovered a hack group that engages in cyber-espionage and abuses the Windows Error Reporting (WER) functionality to conduct file-free attacks. In general, using WER to bypass protection is not a new tactic, but now it seems to…
The TeamTNT cybercriminal group has recently updated its malicious program with cryptomainer features. The network worm can now steal passwords from victims and more easily spread to other devices with an additional network scanner. TeamTNT is best known for its…
Juniper experts identified numerous malicious campaigns that are used to deliver payload paste sites (instead of conventional C&C servers). Thus, hackers hide their malicious code in plain sight and, among other things, save on infrastructure. The researchers write that the…
An unidentified cybercriminal group injects malicious code into a legitimate Windows Error Reporting (WER) service as part of a dangerous fileless attack. This technique helps bypass detection by protective means. Frankly speaking, WER operation is not such a new method,…
Dangerous vulnerabilities were detected in Pepperl+Fuchs industrial switches Comtrol RocketLinx (CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503 and CVE-2020-12504). Operation of some of them allows for full control over the device The problems were discovered by security researchers from the Austrian IT company…
According to security researchers, two iPhone jailbreak exploits can hack into Mac and MacBook with the latest Apple T2 security chips. The technique of hacking Apple computers with two iPhone jailbreaks is very complex, and its discussion for several weeks…
Security researchers from CyberArk Labs have identified vulnerabilities in popular antivirus products. In case of successful exploitation these gaps allow attackers to increase rights in the system. Since antiviruses work with elevated privileges, flaws in their code can be especially dangerous….
According to Palo Alto Networks specialists, malicious activity was detected on some sites with the highest traffic. According to the results of research by Palo Alto Networks specialists, a large number of popular sites from the top 10,000 Alexa ranking…
Cybercriminals attack Windows 7 users, using as bait the free upgrade to a more modern version of the operating system – Windows 10. In fact, the attackers are trying to steal the records of the victims. As of October 2020,…
Vulnerabilities in Cisco IOS XE software, WordPress plug-ins, FoxRider software etc. were detected. Cisco Systems has fixed several vulnerabilities ( CVE-2020-3141 and CVE-2020-3425 ) in its IOS XE software. Their exploitation allowed the remote attacker to increase privileges on the…
Cyber-crime group APT-C-23 (other names Two-Tailed Scorpion and Desert Scorpion) armed with a new version of spyware for Android devices with an updated C& C-strategy and advanced spy functionality for tracking users of WhatsApp and Telegram. Currently, the malware Android/SpyC32.A…
In Firefox for Android serious vulnerability in the implementation of the protocol SSDP, used to detect network services on the local network. The vulnerability allows an attacker located on the same LAN or wireless network to respond to Firefox test…
Scientists have created a technique by which the computer can track signals from the human brain, as well as simulate visual perception. Thanks to this artificial intelligence has learned to demonstrate previously unknown information, published the journal Scientific Reports. The…
Source code for several operating systems, including Windows XP and Windows Server 2003, leaked to 4chan as a 42.9 gb torrent file The content of this torrent file includes source code for several older Microsoft operating systems, such as Windows…
Passwords as a means of protecting user data are completely outdated. You can pick up any of them in a few minutes using cloud computing, and the service for decrypting hashed passwords can be found in Google or Yandex in…
From October 13th Google cloud service will automatically delete files that have been in the shopping cart for more than 30 days. This should be known to users who store digital garbage on “Disk” in the hope that it may…
For several months WhatsApp has been testing the function of sending media files, which should be automatically deleted for all chat participants after the specified timer. The first mention of this innovation appeared in early March. Now, with the release…
