Haythem Elmir

Des chercheurs d’ESET et Microsoft ont publié les détails techniques de deux vulnérabilités de type «zero-day»  découvertes en mars 2018. Les deux failles ont été corrigées par Microsoft lors du Patch Tuesday de mai 2018. L’exploitation de la première vulnérabilité permettrait l’exécution de code arbitraire à distance dans Adobe Acrobat et […]

Maintainers of the Gentoo Linux distribution published an incident report on Wednesday after someone hijacked one of the organization’s GitHub accounts and planted malicious code. The attack started on June 28 and the hacker (or hackers) not only changed content in compromised repositories, but also locked out Gentoo developers from the targeted […]

HPE Integrated Lights-Out (iLO) est une technologie de gestion de serveurs à distance de Hewlett-Packard. Elle offre des fonctionnalités de gestion hors-bande (démarrage d’une machine éteinte à distance, accès à la console système à distance…). Une vulnérabilité importante a été identifiée dans iLO 4 et 5. Son exploitation permettrait la […]

Crooks leverage an alternative scheme to mine cryptocurrencies, they don’t inject the CoinHive JavaScript miner directly into compromised websites. Security researchers at MalwareLabs have uncovered a new crypto mining campaign that leverages an alternative scheme to mine cryptocurrencies, differently from other campaigns, crooks don’t inject the CoinHive JavaScript miner directly in compromised […]

Rainway reported that tens of thousands of Fortnite players have been infected with an adware while downloading fake v-buck generators Fortnite continues to be one of the most popular game and crooks are attempting to target millions of fans in different ways. In June, experts observed cyber criminals attempting to exploit […]

Six years after it was first spotted in the wild, the Necurs malware botnet is still out to prove that it’s a malware chameleon.  We recently discovered noteworthy changes to the way Necurs makes use of its bots, such as pushing infostealers on them and showing a special interest in […]

Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to make them more effective. The threat actors behind a recent case used macro in a more roundabout way, with a macro that searches for specific shortcut files in the user’s […]

Huawei has rolled out security fixes for some enterprise and broadcast products to address a cryptography issue tracked as CVE-2017-17174. Huawei has released security updates for some enterprise and broadcast products to address a cryptography issue that was discovered in late 2017. The vulnerability, tracked as CVE-2017-17174, is related to the […]