Hacking

Apple source code for a core component of iPhone’s operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—the critical part of the iOS operating […]

There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal […]

CSS is a stylesheet language which provides a presentation for documents, all our modern websites heavily depend on the CSS. A new CSS vulnerability dubbed CSS Exfil can be used by attackers to steal data from the webpages using CSS. With the vulnerability, attackers can steal sensitive data’s including usernames, […]

We see lots of phishing attempts for email credentials. This one is slightly different than many others and much more involved and complicated. The email has a link to a site which contains a  data:text  base64 encoded content. data:text urls are dangerous and recently Internet Explorer and Google Chrome have stopped […]

Introduction GandCrab ransomware was first reported on Friday 2018-01-26.  Since then, we’ve seen it distributed by campaigns using exploit kits and HoeflerText popup windows.  But today on Wednesday 2018-02-07, we’ve also seen GandCrab ransomware distributed through malicious spam (malspam).  Today’s GandCrab is a file-less infection using a DLL file called […]

Malware Chewed Up CPU of HMI at Wastewater Facility Cryptocurrency mining malware worked its way onto four servers connected to an operational technology (OT) network at a wastewater facility in Europe, industrial cybersecurity firm Radiflow told SecurityWeek Wednesday. Radiflow says the incident is the first documented cryptocurrency malware attack to […]

As it turns out, turning off location services (e.g., GPS) on your smartphone doesn’t mean an attacker can’t use the device to pinpoint your location. A group of Princeton University researchers has devised of a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment’s […]

A change meant to improve Google Chrome performance will also indirectly impact cryptojacking scripts (in-browser cryptocurrency miners) and will severely reduce their efficiency. According to a design document seen by Bleeping Computer, Google engineers plan to limit the CPU power some types of JS scripts running in the browser’s background […]

The Autosploit hacking tool was developed aiming to automate the compromising of remote hosts both by collecting automatically targets as well as by using Shodan.io API. Users can define its platform search queries like Apache, IIS and so forth to gather targets to be attacked. After gathering the targets, the tool […]