Author Archives: CIRT Team



in News Clipping

MALVERTISING CAMPAIGN REDIRECTS BROWSERS TO TERROR EXPLOIT KIT [source: threatpost]

Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the initial blast spotted on Sept. 1 and lasting through Oct. 23. “Terror EK activity has been low throughout the year...

26 Oct 2017
in News Clipping

One year after the Dyn DDoS attack, what’s changed? [source: ciodive]

Last October, the internet broke, or stuttered, depending on who you ask. One year later, those vulnerabilities remain and a year from now, connectivity will still be at the mercy of attackers. DDoS attacks have become commonplace, but that doesn’t limit the potential negative impact on businesses. In a domain analysis of the top 100 U.S. websites — which includes companies like Netflix, Twitter, YouTube, Reddit, Amazon.com and...

26 Oct 2017
in News Clipping

LOKIBOT – THE FIRST HYBRID ANDROID MALWARE [source: clientsidedetection]

Lately we have been seeing a new variant of Android banking malware which is well-developed and provides numerous unique features such as a ransomware module. Based on the BTC addresses that are used in the source code it seems that the actors behind this new Android malware are successful cybercriminals with over 1.5 million dollars in BTC. It is very unlikely that the actors behind...

26 Oct 2017
in Articles, Bangla Articles, News

‘Bad Rabbit’ Ransomware and Precautionary Measures

What is Bad Rabbit ransomware: Cybersecurity researchers have recently identified a new ransomware named ‘Bad Rabbit’, which is reported to have already affected government and private organizations and businesses in Eastern European countries. This new Bad Rabbit ransomware has similarities to the ‘WannaCry’ and ‘Petya’ ransomware. According to the information available so far, this...

26 Oct 2017
in News Clipping

DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN [source: bleepingcomputer]

After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly “great” start with the publication of a new crypto attack known as DUHK (Don’t Use Hard-coded Keys). The issue at the heart of the DUHK attack is a combination of two main factors. The first is the usage of the ANSI X9.31 Random Number Generator (RNG). This is an algorithm...

25 Oct 2017
in News Clipping

LokiBot Android Banking Trojan Turns Into Ransomware [source: bleepingcomputer]

Security researchers have spotted a new Android banking trojan named LokiBot that turns into ransomware and locks users’ phones when they try to remove its admin privileges. The malware is more banking trojan than ransomware — according to SfyLabs researchers, the ones who discovered it — and is used for this purpose primarily. Just like similar Android banking trojans, LokiBot works by showing fake login...

25 Oct 2017
in News Clipping

Crypto Miners – The Silent CPU Killer of 2017 [source: checkpoint]

The Pirate Bay, the world’s largest BitTorrent indexer, is a massive online source for digital content (movies, games and software) and is among the top 100 most popular websites globally, according to Alexa. No stranger to controversy for its role in illegal downloads, a few weeks ago it was discovered that The Pirate Bay operators have begun using the website users’ computer resources to mine the Monero...

25 Oct 2017
in Security Advisories & Alerts

Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability

Description: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is...

25 Oct 2017
in Security Advisories & Alerts

PostgreSQL CVE-2014-0062 Security Bypass Vulnerability

Description: Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. Impact: Successful exploits may allow...

25 Oct 2017
in Security Advisories & Alerts

CVE-2017-15265: Linux Kernel ALSA Sequencer Interface Use-After-Free Memory Vulnerability

Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Impact: An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible. Mitigation: Administrators may disable administrative privileges on...

25 Oct 2017