Haythem Elmir

Apple source code for a core component of iPhone’s operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—the critical part of the iOS operating […]

There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal […]

CSS is a stylesheet language which provides a presentation for documents, all our modern websites heavily depend on the CSS. A new CSS vulnerability dubbed CSS Exfil can be used by attackers to steal data from the webpages using CSS. With the vulnerability, attackers can steal sensitive data’s including usernames, […]

We see lots of phishing attempts for email credentials. This one is slightly different than many others and much more involved and complicated. The email has a link to a site which contains a  data:text  base64 encoded content. data:text urls are dangerous and recently Internet Explorer and Google Chrome have stopped […]

Introduction GandCrab ransomware was first reported on Friday 2018-01-26.  Since then, we’ve seen it distributed by campaigns using exploit kits and HoeflerText popup windows.  But today on Wednesday 2018-02-07, we’ve also seen GandCrab ransomware distributed through malicious spam (malspam).  Today’s GandCrab is a file-less infection using a DLL file called […]

Malware Chewed Up CPU of HMI at Wastewater Facility Cryptocurrency mining malware worked its way onto four servers connected to an operational technology (OT) network at a wastewater facility in Europe, industrial cybersecurity firm Radiflow told SecurityWeek Wednesday. Radiflow says the incident is the first documented cryptocurrency malware attack to […]

As it turns out, turning off location services (e.g., GPS) on your smartphone doesn’t mean an attacker can’t use the device to pinpoint your location. A group of Princeton University researchers has devised of a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment’s […]