Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser. Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers...
Read More
Grant West, a cunning hacker who goes by the online handle of “Courvoisier” on the Dark Web has been arrested by British police. The 26-year-old hacker is known for hacking over 200 companies around the world including Apple, Asda, Uber, and Just Eat, Groupon, and Nectar etc. West not only breached the security of these companies but also stole their user data before selling them on the...
Read More
Last week, the European Central Bank has published the European framework for testing financial sector resilience to cyber attacks. The framework aims to simulate the effects of cyber attacks on critical systems in the banking industry in the European Union. The move is the response to the numerous cyberheists that hit the financial industry in the past years, like the attacks against the SWIFT system and the assault against online...
Read More
The upcoming version of the Android OS —codenamed only Android P for the moment— will block applications from accessing and monitoring the operating system’s network activity. Android project developers took this decision to improve the operating system’s privacy and prevent user-installed apps from sniffing on the user’s network activity outside the app. /proc/net access abused by apps Currently, apps can access networking data by requiring...
Read More
Description: Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: * An information disclosure vulnerability in Android runtime. (CVE-2017-13309) * Multiple elevation of privilege vulnerabilities in Framework. (CVE-2017-13310, CVE-2017-13311) * Multiple information disclosure vulnerabilities in Kernel components. (CVE-2017-16643, CVE-2017-5754) *...
Read More
সোশ্যাল মিডিয়া বা সামাজিক যোগাযোগ মাধ্যম হল এক ধরনের প্রযুক্তি যা ভার্চুয়াল সম্প্রদায় এবং নেটওয়ার্কগুলির মাধ্যমে বিভিন্ন তথ্য, কর্মজীবনের বিভিন্ন তথ্য ও ধারণা, ব্যক্তি/প্রতিষ্ঠানের মত প্রকাশ ও বিভিন্ন তথ্য ভাগাভাগি(share) করতে সাহায্য করে। বর্তমান তথ্যপ্রযুক্তির অবাধ প্রবাহের যুগে সামাজিক যোগাযোগ মাধ্যম অপরিসীম গুরুত্ব বহন করে। সামাজিক যোগাযোগ মাধ্যমের সাইবার নিরাপত্তা যদি নমনীয় থাকে তাহলে সাইবার অপরাধীরা এর অপব্যবহার করে ব্যক্তি / প্রতিষ্ঠান এর অপূরণীয় ক্ষতিসাধন...
Read More
Re-emerging Dharma Ransomware distributed with new variant that developed to attack various organisation and individual systems and encrypting the victim files to demand the ransom amount. It added various futures and tactics to infiltrate the victims computer when compare old version of Dharma Ransomware. Unlike old version, it using various infections vectors such as Spam and phishing emails, Exploit Kits, SMB vulnerabilities and dropped by other malware. Old...
Read More
MassMiner – a cryptocurrency mining malware which is exploiting EternalBlue (CVE-2017-0143),[1] Apache Struts (CVE-2017-5638),[2] and Oracle WebServer (CVE-2017-10271)[3] vulnerabilities to hijack local and enterprise web servers. Initiating brute force attacks, the miner takes control over Microsoft SQL Servers and starts mining Monero cryptocurrency by consuming an excessive amount of system’s CPU and GPU resources. AlienVault,[4] the developer of commercial and open source solutions to manage cyber attacks, and the...
Read More
Kaspersky Lab has discovered a brand new cyber-spying campaign targeting Android users via Telegram chat app and infected websites while watering holes is the preferred attack vector. Watering holes is a technique in which famous websites are infected with malware so that visitors unknowingly get their devices infected. The main targets of this campaign are users in the Middle East and North Africa (primarily Morocco, Egypt, Lebanon, Jordan, and Iran)....
Read More
It would be nice to imagine that if the various contenders for “inventor of the password” had known how much of a hassle its computer variety would end up posing centuries later, they would never have bothered. Or maybe that inventor – perhaps a Gileadite or Roman soldier – just didn’t care about the tradeoff between security and convenience that would plague us in the internet era....
Read More
