Hacking

Security researchers from Duo Labs and the US Computer Emergency Response Team Coordination Center (CERT/CC) will release security advisories today detailing a new SAML vulnerability that allows malicious attackers to authenticate as legitimate users without knowledge of the victim’s password. The flaw affects SAML (Security Assertion Markup Language), an XML-based markup language […]

Critical Remote Code Execution vulnerability has been discovered in the most popular and most feature-rich PDF reader, Adobe Acrobat Reader DC. The vulnerability has the power to perform a stack-based buffer overflow all the executing the orbitary code when users open the vulnerable Adobe document.This Critical RCE vulnerability affected the […]

Android P, is expected to include a neat feature that prevents apps running in the background from spying on you through the camera or microphone on your cell phone. Do you cover the lens on your webcam to prevent someone from spying on you? You should, and it seems like every […]

Visa said last week that two years after US retailers started deploying terminals that could read chip-based credit and debit cards, reports of counterfeit card fraud have dropped by 70%. While modern chip-based payment cards —also known as EMV (Europay, MasterCard, Visa) cards after the three organizations that promoted the new technology— […]

The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro. After years of focusing their attention largely on desktop systems, cybercriminals have, as expected, begun ramping up attacks on mobile devices. Ransomware, banking malware, and other threats aimed at smartphones […]

Google is in the process of adding support to Chrome OS for running containerized Linux applications, according to a commit spotted in the operating system’s source code last week by Reddit users. The commit adds a new device policy to allow Linux VMs on Chrome OS for the purpose of running […]

CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug. An Adobe Flash vulnerability CVE-2018-4878 patched earlier this month is being exploited in a new phishing campaign leveraging malicious Microsoft Word documents. This critical vulnerability is a use-after-free bug that enables […]

These days it is not uncommon to find both adware and miners being installed together through adware bundles. These programs, though, are typically not created by the same developer and are just being included as different « offers » by the software monetization company. After examining a new malware sample that was […]

The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers). These are the main conclusions of months of observation by […]