Apple has released a new round of security updates for iOS 12 and iCloud that resolve numerous vulnerabilities. For iOS, these updates resolve two passcode bypasses and for iCloud there are numerous, including critical, vulnerabilities that were fixed. Included in this update are also fixes for the charging and WiFi bugs that […]
Haythem Elmir
Microsoft Patches Zero-Day Under Active Attack by APT
A zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft. Microsoft has issued a patch for a zero-day bug being actively being exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows […]
New Ninth-Gen Intel CPUs Shield Against Some Spectre, Meltdown Variants
New Intel Coffee Lake CPUs offer hardware-based protections against some -but not all- Spectre and Meltdown variants. Intel’s new ninth-generation CPUs come packed with hardware-based protections against two variants of the infamous Meltdown and Spectre speculative execution attacks. The ninth-generation desktop Core processors are dubbed Coffee Lake, and became available […]
Researchers presented an improved version of the WPA KRACK attack
Security researchers who devised last year the Key Reinstallation Attack, aka KRACK attack, have disclosed new variants of the attack. Security researchers Mathy Vanhoef and Frank Piessens who devised last year the Key Reinstallation Attack against WPA, aka KRACK attack, have disclosed new variants of the attack. Last year, boffins discovered several key […]
Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
While most phishing campaigns are fairly simplistic in nature and easy to spot (they usually involve a legitimate-looking email, often with a malicious attachment or link embedded in the text), a spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign […]
BEC scams, hacked accounts available from $150 up to $5,000
Security experts from Digital Shadows have conducted an interesting study about the technique adopted by crooks to infiltrate company emails, so-called BEC scam. According to the FBI, the number of business email account (BEC) and email account compromise (EAC) scam incidents worldwide reached 78,000 between October 2013 and May 2018. Business email […]
Google Announced Google+ Shut down, Following Security Breach That Exposed 500,000 Users Accounts
Google announced Google+ shut down following the security breach that exposed 500,000 Google+ accounts. The bug allows third-party developers to access user’s name, email address, occupation, gender, and age. According to WSJ Google discovered the bug in March 2018 and they did not disclose the bug. Google+ Shut down In a blog […]
Google Criticizes Apple Over Safari Security, Flaw Disclosures
One Year After Release, Google Fuzzer Still Finds Many Flaws in Safari One year after it was released as open source by Google Project Zero, the Domato fuzzer has still found a significant number of vulnerabilities in Apple’s Safari web browser. In September 2017, Google Project Zero researcher Ivan Fratric […]
Attackers use voicemail hack to steal WhatsApp accounts
Another online account hijacking attack has emerged, this time targeting WhatsApp. The Israeli agency responsible for cybersecurity has warned its citizens about the attack, which can often be conducted without any knowledge or interaction on their part. All the attacker needs is the victim’s phone number. First documented by security […]
The Git Project addresses a critical arbitrary code execution vulnerability in Git
The Git Project released a new version of the Git client, Github Desktop, or Atom. that addressed a critical remote code execution vulnerability in the Git. The Git Project addressed a critical remote code execution vulnerability in the Git command line client, Git Desktop, and Atom. The flaw tracked as CVE-2018-17456 could be exploited […]