The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio

The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report.Back in August, the Morphisec team noticed attackers t

by Ashish Verma In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service

After the UK’s National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks.According to th

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details: I wanted to learn how Checkm8 will shape the iPhone experience­ -- particularly as it relates to security­ -- so I spoke at length with axi0mX on Friday. Thomas

Advanced persistent threat (APT) actors have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure, the UK’s National Cyber Security Centre (NCSC) warns.The NCSC, which is part of the UK’s GCHQ intelligence agency, issued an alert this week to warn organizations that they may b

The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices.Researchers with Google's Project Zero have disclosed a zero-day local privilege escalation vulnerability in its Android mobile operating system that could let an attacker assume control of affected devices. Evidence shows the bug is being exploited in the

Can you explain what checkm8 is?  On Friday, September 27th 2019, a security researcher known as @axi0mX publicly disclosed a vulnerability together with a working exploit called checkm8 (read “checkmate”). This permanent and unpatchable exploit leverages a vulnerability in Apple’s bootrom (read-only code; SecureROM), the initial and critical part in the se

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot

A researcher specializing in iOS security claims to have created a bootrom exploit that can be leveraged to jailbreak hundreds of millions of iOS devices, including all iPhones between iPhone 4S and iPhone X.The hacker, who uses the online moniker axi0mX, has released the exploit for free in hopes that it would benefit security researchers and the iOS jailbr

As security researchers and vendors improve the security within their products, malicious actors are continually looking for ways to bypass them and continue their efforts. This cat and mouse game continues to play out, and is best seen in how malware authors are continually developing creative ways to create new attacks or workarounds. Many times, these tec

Joomla is a popular content management system that accounts for almost 3% of all websites on the internet, and it has been downloaded over 84 million times. A static analysis organization called Rips Technologies recently found it to be vulnerable to an LDAP injection vulnerability. This vulnerability was in the Joomla code for over eight years, and the comp

The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.Concerns are high over widespread attacks targeting a newly disclosed remotely exploitable vulnerability in the popular vBulletin online forum app even though a patch for the flaw is now available.The vulnerability—a zero-day threat when it was fir

Developers of the vBulletin forum software have rushed to release a patch for a recently disclosed remote command execution vulnerability, but the flaw has already been exploited in the wild, with some claiming that its existence has been known for years.An anonymous hacker published a proof-of-concept (PoC) exploit for the zero-day on the Full Disclosure ma

A hacker has released an exploit for an unpatched remote command execution vulnerability affecting the vBulletin forum software.A proof-of-concept (PoC) exploit for the zero-day was published on the Full Disclosure mailing list by an individual who wanted to remain anonymous. It’s unclear why they have decided to release the information before vBulletin deve