A destructive cyberattack hit the email provider VFEmail, a hacker wiped its servers in the United States, including the backup systems. An unknown attacker has launched a destructive cyber attack against the email provider VFEmail, he erased information on its server including backups, 18 years’ worth of customer emails were […]
Hacking
Microsoft Patch Tuesday updates for February 2019 fixes IE Zero-Day
Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, including an Internet Explorer issue that has been exploited in attacks. Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, 20 critical vulnerabilities, 54 important and 3 moderate in severity. One of the issue fixed by the […]
620 million accounts stolen from 16 hacked websites available for sale on the dark web
620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. The advertising for the sale of the […]
First Android Clipboard Hijacking Crypto Malware Found On Google Play Store
A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a « Clipper, » masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android […]
RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts
A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux container and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and Borys […]
Abusing Exchange: One API call away from Domain Admin
In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers […]
New Android Bug Can Let Hackers Attack Phone With PNG Image File
What’s the harm in opening a digital image? Well, Google has uncovered a new method to hack Android smartphones using malicious PNG files. The problem was disclosed this week in Google’s Android security bulletin. A serious flaw in the operating system’s framework can let a remote attacker execute computer code on an Android device […]
Reverse RDP Attack: Code Execution on RDP Clients
OverviewUsed by thousands of IT professionals and security researchers worldwide, the Remote Desktop Protocol (RDP) is usually considered a safe and trustworthy application to connect to remote computers. Whether it is used to help those working remotely or to work in a safe VM environment, RDP clients are an invaluable […]
Incident de cybersécurité chez Airbus
Le groupe aéronautique européen Airbus a annoncé mercredi avoir détecté une intrusion dans le système informatique de sa division d’avions commerciaux. C’est la deuxième attaque ou intrusion visant un grand groupe français en deux jours. Airbus a annoncé dans un communiqué mercredi 30 janvier, avoir détecté un « incident de cybersécurité » dans les systèmes […]
Hackers compromise WordPress sites via Zero-Day flaws in Total Donations plugin
Security experts at Wordfence security firms discovered WordPress Sites compromised via Zero-Day vulnerabilities in Total Donations Plugin The Total Donations WordPress plugin was abandoned by its developers for this reason security experts are recommending to delete it after they discovered multiple zero-day flaws that were exploited by threat actors. The […]