Category Archives: Vulnerabilities
Adobe Pushed Emergency Patches For Two Critical Flaws.
Adobe has pushed out security updates for two critical vulnerabilities . Adobe Acrobat and Reader for Windows and Mac are affected. The flaw reported by Apelt is identified as the CVE-2018-16011 and is a bug that can lead to arbitrary code execution. An Attacker can exploit the flaw by tricking an end user into clicking…
Memes in Twitter can be used to inject Malware
This new malware uses Twitter to deploy Remote Access Tojans (RATs) from a image. The malware can infect vulnerable computers and collect information, take screenshots and jump to other computers to infect them as well. Trend Micro said in their Blog Post that the malware listens for commands within the the hackers twitter account ….
Mac Malware Injects Ads Into Encrypted Traffic
A newly discovered malware infection targeting macOS devices. Malwarebytes security researchers say it has the ability of injecting ads into encrypted web traffic. This malware is call OSX.SearchAwesome, the malware is delivered by a malicious installer that arrives as an app downloaded using a torrent file. The malware installer looks like a disk image file but doesn’t have…
Microsoft Warns of Apps Exposing Private Keys
On Tuesday Microsoft notified users that digital certificates have been compromised for two apps which allowed someone to remotely spoof websites and content. The issue was that the certificate and private key were the same for anyone who installed these two applications. Which allowed a hacker to decrypt the software’s private key which compromised the…
Skype For Business brought down by the Kitten of Doom Emoji Attack
Crash Skype for Business by sending a large number of emojis 800+ kittens in one message and the client freezes the program for a few seconds. This can be exploited to perform Denial of Service attacks against Skype for Business users and compromises the availability of the program. How would an attacker go about performing…
Ransomware saw massive growth year after year.
New reports on not just ransomware but all malware saw massive growth year after year. From SonicWall the cyber-security company detected 45 percent growth of malware infections towards desktops. SoncWall spotted 300,000 new attack variants so far this year. SonicWall’s recently announced Capture Cloud Platform is designed to counter these rising threats. SonicWall Capture Threat…
Mass Email Campaign Spreading The Emotet Banking Trojan
There is another large-scale spam campaign going to spread the Emotet banking trojan. The Emotet banking trojan is mostly used as the dropper for other payloads like ICedID, Trickbot, Zeus Panda Banker and a few others. These infections can scan and harvest different types of sensitive information, scan email 180 days back, have the ability to…
Growing Botnet Uses 5 Year Old Router Flaw
A brand new botnet which is a variant of the BCMUPnP_Hunter is taking advantage of this 5 year router flaw and 360 Netlab research shows that hundreds and thousands of of bots have already seeded themselves into routers. This same bot takes advantage of the same vulnerability that was discovered in 2013 ( BroadCom UPnp…
A New Intel CPU Exploit which uses Hyper-threading to steal encrypted data
A New Intel CPU Exploit : As if the Intel CPU couldn’t catch a break. A team of researches discovered a serious side-channel vulnerability in the CPU which could allow the attacker to find protected data like OPENSSL keys, Cypto Keys, Passwords and other processes that are running but only if the CPU has multi-threading…
Kraken Ransomware Adopts RaaS Model
The author of Kraken Ransomware has adopted the ransomware-as-a-service (RaaS) Model. In the Dark Web you can find more details about joining the affiliate program which requires a small fee to be considered a trusted partner. The interesting part about this affiliate program is that you get about 70% to 80% of the earnings and requires…