Bad news if you’re one of the hundreds of millions of online banking users around the world. The chances are your bank’s website and web apps are horribly insecure. Researchers at security firm Positive Technologies, which has a commercial stake in securing web apps, tested 33 websites and services using its […]

Security experts at Cisco’s Talos group have discovered a total of 17 vulnerabilities in Moxa EDR-810 industrial routers manufactured by Moxa. The Moxa EDR-810 is an integrated industrial multiport router that implements firewall, NAT, VPN and managed Layer 2 switch capabilities. These devices are used in industrial environments to protect systems such […]

Gootkit banking trojan is still being distributed via the Mailgun SMTP sending service, using Microsoft’s One drive business file hosting service to deliver the malicious macro enabled word docs that in turn download the gootkit banking trojan payload from another site.  These use compromised mail accounts or websites  to relay […]

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory —a mandatory component used during the boot-up process  . According to Lenovo, who recently deployed the Intel fixes, « the configuration of the system firmware […]

TrueMove H, the biggest 4G mobile operator in Thailand suffered a data leak, 46000 people’s data store on an AWS bucked were left on accessible online, including driving licenses and passports. Let’s speak about a new data breach, this time the victim is TrueMove H, the biggest 4G mobile operator in […]

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub for “educational or information purposes,” experts started observing bad actors attempting to exploit the flaw. At the end of March, the Drupal Security Team confirmed that a “highly critical” vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the […]