Chaining 3 zero-days allowed pen testers to hack Apple macOS computers

Haythem Elmir

Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS, chaining them it is possible to take over a Mac computer. Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system, an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer. The attacker […]

Sofacy APT group used a new tool in latest attacks, the Cannon.

Haythem Elmir

Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early […]

Top 10 Application Security Breaches of 2018

Haythem Elmir

The most disastrous web and mobile application security breaches and security incidents of 2018 (so far). Application security is one of the most crucial areas of data security, especially as more businesses move to cloud-based computing and make web applications a core focus of their functionality. Web applications are increasingly […]

Security bug exposes password of Instagram users

Haythem Elmir

A security bug inside Instagram’s “Download Your Data” tool that could have been exploited to expose password of thousands of users around the world. The feature « Download Your Data » was introduced in April this year after the change in the European Union’s General Data Protection Regulation (GDPR).  It allows users […]