Yesterday, Oracle released its quarterly critical patch update (CPU) for Q3 2018, the October edition, during which the company fixed 301 vulnerabilities. Of the 301 flaws, 45 had a severity rating of 9.8 (on a scale of 10) and one even received the maximum 10 rating. Vulnerabilities that receive this severity […]
Haythem Elmir
Malicious RTF Documents Deliver Information Stealers
A newly discovered infection campaign is leveraging malicious RTF files to deliver information-stealing Trojans to the unsuspecting victims, Cisco Talos security researchers warn. As part of the attacks, the adversaries use a well-known exploit chain for malware delivery, but have modified it so it would not trigger anti-virus detection. The […]
Malicious Redirects from NewShareCounts.com Tweet Counter
When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the new design came with a decision to nuke their beloved Tweet count feature. Social signals can be a huge credibility indicator for visitors and site content. Who doesn’t […]
TLS 1.0 and TLS 1.1 Being Retired in 2020 by All Major Browsers
In a coordinated announcement, Microsoft, Google, Apple, and Mozilla have stated that they will be retiring the TLS 1.0 and TLS 1.1 secure communication protocols beginning in 2020. TLS (Transport Layer Security) is a protocol that can be used to encrypt communication between your web browser and a web site […]
A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence
A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S. According to the Onslow Water and Sewer Authority (aka ONWASA) some internal systems were infected with the Emotet malware, but the regular water service was not impacted. […]
Russia-linked APT group DustSquad targets diplomatic entities in Central Asia
Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. Earlier October, security experts from ESET shared details about the operations of a cyber espionage group tracked as Nomadic Octopus, a threat actor focused on diplomatic entities in Central Asia. The group has been active since […]
Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone
iOS passionate Jose Rodriguez disclosed a new passcode bypass bug that could be to access photos and contacts on a locked iPhone XS. The security passionate Jose Rodriguez has discovered a new passcode bypass bug that could be exploited on the recently released iOS 12.0.1. A few weeks ago, Rodriguez discovered a passcode bypass vulnerability […]
Google using lock screen passwords to encrypt Android Cloud backups
Google’s got your back when it comes to your backups, it says – and it’s even promising to keep its own peepers off the goods. On Friday, Google announced that it’s brokered a marriage between Android’s Backup Service and Google Cloud’s Titan Technology to keep your backups encrypted so that even the […]
35 million US voter records available for sale in a hacking forum
Millions of voter records are available for sale on the Dark Web, experts discovered over 35 million US voter records for sale in a hacking forum. Millions of voter records are available for sale on the Dark Web, experts from Anomali and Intel 471 discovered 35 million US voter records for sale […]
Pentagon data breach puts personal details of 30,000 staff at risk
The Pentagon has admitted that up to 30,000 military workers and civilian personnel have had their personal information and credit card data exposed following a security breach. The security breach occurred at a third-party vendor which provides travel management services to the Department of Defense. The vendor, which has not […]