Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients. Researchers at SRLabs published a report based on ethernodes.org data, that revealed that a large number of nodes using the popular clients Parity and Geth is still unpatched. The expert discovered […]
Haythem Elmir
Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS
Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to […]
Google ‘0Day In the Wild’ project tracks zero-days exploited in the Wild
White hat hackers at Google Project Zero are tracking cyber attacks exploiting zero-days before the vendor released security fixes. Experts at Google Project Zero are tracking cyber attacks exploiting zero-days as part of a project named 0Day ‘In the Wild.’ “Today, we’re sharing our tracking spreadsheet for publicly known cases of […]
XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites
A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers […]
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses
CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006. We have noticed that this ransomware has become increasingly active lately, increasing by a margin of 148 percent from February until April 2019. The uptick in detections may be due to CrySIS’ effective use of multiple […]
BlackTech espionage group exploited ASUS update process to deliver Plead Backdoor
The BlackTech cyber-espionage group exploited the ASUS update process for WebStorage application to deliver the Plead backdoor. The cyber espionage group tracked as BlackTech compromised the ASUS update process for WebStorage application to deliver the Plead backdoor. The BlackTech group was first observed by ESET on July 2018, when it was abusing code-signing certificates stolen from D-Link for […]
Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues
It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. […]
Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been […]
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few « selected » smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware […]
Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects […]