Author: admin

April 26, 2017 by Jérôme Segura                                        One of the most common malware campaigns from compromised websites is known as EITest and has traditionally been redirecting victims towards exploit kits. But it also has an alternate payload for browsers other than Internet Explorer, specifically for Google Chrome, where it tricks users… Continue reading A story of fonts by the EITest HoeflerText campaign

I don’t think you could make this up   Senate employees just use passwords, and their badges sport a picture of an alternative.                                            What a real smartcard ID looks like: the DOD’s Common Access Card.    Sean Gallagher – 4/26/2017   When Congress held hearings following the breach of the systems of… Continue reading Picture this: Senate staffers’ ID cards have photo of smart chip, no security

By Eduard Kovacs on April 26, 2017   A researcher has discovered several vulnerabilities in SugarCRM’s popular customer relationship management (CRM) product. While most of the flaws appear to have been patched, the expert’s disclosure suggests that the vendor needs to make some improvements in how it communicates with individuals who report security holes. Sugar… Continue reading Expert Discloses Several Flaws Found in Sugar CRM

26th April 2017  by John E Dunn   Recently we’ve been writing about LastPass more than seems healthy.   March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the… Continue reading More LastPass flaws: researcher pokes holes in 2FA

App dev ransacked after gang used test/test login, it is claimed                                            25 Apr 2017 at 21:04, Iain Thomson   A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers –… Continue reading After blitzing FlexiSpy, hackers declare war on all stalkerware makers: ‘We’re coming for you’

By Eduard Kovacs on April 25, 2017   A potentially serious vulnerability has been found in third-party software shipped by several major vendors for their displays. The developer has rushed to release a patch for the flaw, which is believed to affect millions of devices worldwide. The security hole was identified by researchers at SEC… Continue reading Display Software Flaw Affects Millions of Devices

April 25, 2017 by Thomas Reed                                                 iCloud is an increasingly large target for scams of all kinds. It’s a common target for scams involving phishing e-mails. The goal of such scams is to get you to click a link that takes you to a fake… Continue reading iCloud support scams

By Tom Spring April 25, 2017                                      Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States.   In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and… Continue reading xDedic Market Spilling Over With School Servers, PCs

April 25, 2017  By Pierluigi Paganini   Malware researchers from security firm ESET have discovered a new Linux threat dubbed Shishiga malware targeting systems in the wild.                                  Malware researchers from ESET have discovered a new Linux malware dubbed Linux/Shishiga targeting systems in the wild. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent)… Continue reading Linux Shishiga malware, a threat in dangerous evolution

A significant number of today’s malware attacks are through zero-day exploits. The reason – many enterprises do not have the resources to identify zero-day exploit attacks. Relying on their legacy antivirus solution for their system security program, many do believe that they are safe. However, this is far from reality. Legacy antivirus solutions provide cyber… Continue reading Most Present-Day Malware Attacks Exploit Zero-Day Vulnerabilities