An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they’re supposed to record. The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered […]
Haythem Elmir
SamSam operators switch tactic and are more focused on targeted organizations
SamSam ransomware made the headlines again, crooks now spreading thousands of copies of the ransomware at once into individual targeted organizations. Ransomware continues to be one of the most dangerous cyber threat and incident like the one suffered by the city of Atlanta demonstrates that their economic impact on victims could be severe. SamSam ransomware made […]
CVE 2018-8781 Privilege Escalation flaw was introduced in Linux Kernel 8 years ago
Researchers from security firm Check Point discovered a security vulnerability in a driver in the Linux kernel, tracked as CVE 2018-8781, that leads to local privilege escalation. The CVE 2018-8781 flaw, introduced 8 years ago, could be exploited by a local user with access to a vulnerable privileged driver to escalate local privileges and […]
Critical RCE vulnerability found in over a million GPON Home Routers
Security researchers at VPNMentor conducted a comprehensive assessment on of a number of GPON home routers and discovered a Critical remote code vulnerability that could be exploited to gain full control over them. The researchers have found a way to bypass the authentication to access the GPON home routers (CVE-2018-10561). The experts chained this authentication […]
Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. The April 2018 CPU contained a patch for CVE-2018-2628, a vulnerability in the WLS core component of WebLogic, […]
KCW Ransomware Encrypting Web Sites in Pakistan
Team Kerala Cyber Warriors, a hacking group based out of India, have begun to install ransomware on web sites based out of Pakistan. This ransomware, called KCW Ransomware, encrypts the files on a web site and then demands a ransom payment in order to get the files back. You can […]
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state. The code exploits a vulnerability in Microsoft’s handling of NTFS filesystem images and was discovered by Marius Tivadar, a security researcher with Bitdefender. NTFS bug […]
Necurs Spam Botnet operators adopt a new technique to avoid detection
Operators behind the Necurs botnet, the world’s largest spam botnet, are currently using a new evasion technique attempting to surprise the unprepared defenses. Necurs is the world’s largest spam botnet, it is composed of millions of infected computers worldwide. Necurs was not active for a long period at the beginning of […]
Tunisie Télécom maintien la certification ISO 27001 du Data Center Carthage
Tunisie Télécom maintien la certification ISO 27001 du Data Center Carthage Tunisie Telecom, l’opérateur de référence en matière de télécommunication, a le plaisir d’annoncer le maintien de la certification ISO 27001 de son Data Center Carthage, après deux années de son obtention en 2016. Cette certification a été maintenue suite […]
Les certificats SSl Symantec ne sont plus reconnus par Chrome et Firefox !
Depuis le 17 avril dernier, les navigateurs Chrome et Firefox ne reconnaissent plus les certificats émis par Symantec (et toutes ses marques – GeoTrust, Thawte, RapidSSL). Quelle conséquence majeure ? Lorsqu’un utilisateur de Chrome ou Firefox se rend sur l’URL d’un site web dont le certificat est fourni par Symantec, […]