A massive malware outbreak that attempted to infect over 400,000 users during a 12-hour period was caused by a backdoored Russian-based BitTorrent client named MediaGet. The outbreak happened last Tuesday, on March 6. Microsoft said that the Windows Defender team picked up and stopped a massive malware operation that came out of the […]
Haythem Elmir
Researchers Who Found AMD CPU Flaws Explain Chaotic Disclosure
Ilia Luk-Zilberman, the Chief Technical Officer (CTO) of CTS Labs, the company behind yesterday’s disclosure of 13 vulnerabilities affecting AMD processors, has published an open letter today, explaining his company’s controversial actions that managed to enrage a huge portion of the tech and security research communities. CTS Labs faced a massive […]
A Bunch of Intel Microcode Patches Have Arrived on the Microsoft Update Catalog
Earlier this month, Microsoft announced it would be bundling Intel microcode (BIOS) updates meant to fix the graver version of the Spectre vulnerability as Windows Update packages made available via the Microsoft Update Catalog portal. Yesterday, Microsoft greatly expanded the number of such packages, extending support from the initial Skylake 6th […]
Adobe patches critical vulnerabilities in Flash, Dreamweaver
Adobe has patched a set of critical vulnerabilities which can lead to remote code execution, information leaks, and file deletion. On Tuesday, the tech giant’s security advisory noted that the vulnerabilities impact Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver CC. Two vulnerabilities which relate to Flash, a use-after-free flaw (CVE-2018-4919) and […]
March 2018 SAP Security Patch Day addresses decade-old vulnerabilities
SAP released March 2018 SAP Security Patch Day that addresses High and Medium priority vulnerabilities in its products, including three decade-old issues in SAP Internet Graphics Server. March 2018 SAP Security Patch Day includes 10 Security Notes, three rated High priority and 7 rated as Medium priority. The company also released […]
Malicious activity surges coincide with geopolitical events
Comodo released its Global Malware Report 2017, which culminates a year of security analysis and research into threat patterns. Among its major findings: 2017 was a year of multiple geopolitical events that corresponded with major malware spikes in enterprise security. Researchers witnessed diverse malware attacks coinciding with geopolitical events, including: U.S. […]
Hackers allegedly steal confidential reports from Police server
Hackers allegedly stole hundreds of reports using a security flaw in an online tool used by the police. In normal circumstances, police are the investigating authority but Gwent County Police in the United Kingdom is in hot water and being investigated for not informing complainers that reports they filed have […]
Is the financial sector the most vulnerable to cyber attacks?
The financial services industry is crucial to the health of the UK economy – accounting for more than a million jobs (double that employed in agriculture, for example) and contributing more than £120 billion in gross value added. The country has a healthy trade surplus of £60 billion-plus in this […]
Dangerous CredSSP flaw opens door into corporate servers
A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be exploited by MitM attackers to run code remotely on previously uninfected machines and servers in the attacked network. About CredSSP CredSSP provides single sign-on (SSO) […]
MOSQUITO attack allows to exfiltrates data from Air-Gapped computers via leverage connected speakers
MOSQUITO is new technique devised by a team of researchers at Israel’s Ben Gurion University, led by the expert Mordechai Guri, to exfiltrate data from an air-gapped network. The technique leverage connected speakers (passive speakers, headphones, or earphones) to acquire the sound from surrounding environment by exploiting a specific audio chip feature. Once […]