In popular media, hackers are often portrayed as an elite cabal of ski mask aficionados and computer experts that can keyboard mash their way into any digital device. But what if I told you that you can also pwn almost any internet-connected device around you, even if you can’t tell an SSL from an SSID? Yes, my friend, the device you are looking for...
This isn’t the first time the notorious banking Trojan has made its way into Google Play Store. Security researchers have discovered that the notorious BankBot banking malware has once again snuck into Google Play Store by hiding in seemingly trustworthy apps such as flashlight and Solitaire apps. According to a new report by cybersecurity firms Avast, ESET and SfyLabs, thousands of Android users have been...
Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). The vulnerabilities are severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed inside CPUs, and cause PC crashes, which should be the least of someone’s worries. One...
Description: Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard. Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to...
Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using file integrity monitoring (FIM). This security measure enables IT security teams to determine when files change, how they change, who changed them, and what can...
A Preempt survey of more than 200 employees (management level or above) from enterprise companies of 1000 or more people found that businesses are left exposed by employees who have more access to sensitive resources than they should and who follow poor security habits. Have you ever “bent the rules” or found a security workaround in order to get something done at work? Results from...
Experts from the firm Sucuri observed a new wave of wp-vcd malware attacks that is targeting WordPress sites leveraging flaws in outdated plugins and themes. A new malware campaign is threatening WordPress installs; the malicious code, tracked as wp-vcd, hides in legitimate WordPress files and is used by attackers to add a secret admin user and gain full control over infected websites. The malware was first spotted in...
Risk assessment is a systematic method of analyzing risk. It started in the nuclear and aeronautical industries, and has now spread to many other industries including the finance, transportation, power system, public health, shipping and fishing industries. Risk assessment tries to answer three questions: What can go wrong? How likely is it? How serious are the consequences? Risk assessment has different roles in different industries....
Android smartphones running Lollipop, Marshmallow, and Nougat are vulnerable to an attack that exploits the MediaProjection service to capture the user’s screen and record system audio. Based on the market share of these distributions, around 77.5% of all Android devices are affected by this vulnerability. Vulnerability resides in Android MediaProjection service. To blame is MediaProjection, an Android service that is capable of capturing screen contents...
Research by Google and the University of California has found that there are more than 1.9 billion usernames and passwords available on the black market, many of which can be used to access Google accounts. According to the study, cybercriminals are gaining access to people’s passwords and flogging them on the dark web at a profit. The researchers used Google’s proprietary data to see whether or not...