Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of mal

Experts at Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems. It has happened again, security researchers with Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems. Leaked data includes server logs and credentials f

The top U.S. markets regulator SEC announced a security breach, accessed data might have been used by crooks for insider trading. The U.S. Securities and Exchange Commission (SEC) announced that cyber criminals had previously breached its database of corporate announcements in 2016 and likely they have used it for insider trading. On Wednesday, the SEC Chair

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-

Experts at security firm Doctor Web discovered a new botnet of IoT devices leveraging the Linux.ProxyM, that is used by crooks for mass spam mailings. The most popular thingbot since now is the Mirai, but it isn’t the only one targeting Linux-based internet-of-things (IoT) devices. Researchers with security firm Doctor Web discovered a new botnet of Io

Online anonymity represents a serious problem for government and law enforcement agencies; it has been debated a long about the difficulties to investigate when suspects use anonymizing networks and communication platforms leveraging on end-to-end encryption.Now secret documents reveal that the German spy agency BND has developed a system to monitor th

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Acces

Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy. Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved. “New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy

The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially

Over the last two articles of this series, we have come a long way around kernel exploitation. We started with finding a buffer overflow in driver code to parsing of different structures to steal the token. In the final part of this series, we will combine the whole parts plus provide some finishing touches to complete the exploit.In last part of this

Researchers at the Ben-Gurion University developed a PoC malware dubbed aIR-Jumper that uses security cameras with Infrared capabilities to exfiltrate data. The team of researchers at the Ben-Gurion University of the Negev in Israel composed of Mordechai Guri, Dima Bykhovsky‏, Yuval Elovici developed a PoC malware that leverages security cameras with Infrare

The security researcher Chris Vickery discovered that Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket. Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket, a gift for hackers. Viacom controls Paramount Pictures, MTV, Comedy Central and Nickelodeon. The huge trove of dat

Kaspersky researchers discovered a new attack technique leveraging an undocumented Word feature to gather information on users. Kaspersky researchers discovered a new attack technique leveraging Microsoft Word documents to gather information on users. The technique is innovative because it doesn’t use active content such as macros or exploits, it exploits an

Users noticed a cryptocurrency miner surfaced on The Pirate Bay, the world’s largest torrenting for a day over the weekend. Pop quiz: would you rather A) see ad banners displayed at the top of the website, or B) mine Monero cryptocurrency when you visit a website? Judging by the number of downloads for ad blocking browser extensions, no one likes banner ads.