News Clipping


All Ledger hardware wallets vulnerable to man in the middle attack [source: hackread]

Ledger hardware wallet that is currently operating in the cryptocurrency market is vulnerable to cyber attacks. The vulnerability was identified by unknown security researchers in every single hardware wallet that allows cybercriminals to show fraudulent addresses to Ledger users/customers. When funds are requested to these addresses, the cryptocurrency is transferred to the attacker’s wallet instead of the user. Needless to say that the user will end...

Read More


Tips to Prevent WordPress Hacks in this Dangerous Digital World [source: securityaffairs]

WordPress hacks are increasingly common. Whether it’s for malicious reasons, to harm a site or to just insert backlinks, WordPress can be very vulnerable if not cared for and updated regularly. How to Prevent hacks? So, how do you prevent these security blips – this post aims to show how. Backup Regular data backup can save you lots of frustration and headache, and especially after...

Read More


Why developing an internal cybersecurity culture is essential[source: helpnetsecurity]

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of cybersecurity culture The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as...

Read More


Core Security releases security advisory on Kaspersky Labs’ Secure Mail Gateway[scmagazine]

Core Security issued an advisory for multiple vulnerabilities it found in Kaspersky Labs’ Secure Mail Gateway that if left unpatched could lead to administrative account takeover. Core Security researchers found that the Kaspersky Secure Mail Gateway, which is a virtual appliance deployed inside an organization’s network infrastructure that comes bundled with a Web Management Console that monitor the apps operation. However, the console “provides no...

Read More


Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites[thehackernews]

A simple yet serious application-level denial of service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine—without hitting with a massive amount of bandwidth, as required in network-level DDoS attacks to achieve the same. Since the company has denied patching the issue, the vulnerability (CVE-2018-6389) remains unpatched and affects almost...

Read More


Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution [source: fireeye]

On Jan. 31, KISA (KrCERT) published an advisory about an Adobe Flash zero-day vulnerability (CVE-2018-4878) being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation could potentially allow an attacker to take control of the affected system. FireEye began investigating the vulnerability following the release of the initial advisory from KISA....

Read More


Android Devices Targeted by New Monero-Mining Botnet [source: bleepingcomputer]

A new botnet appeared over the weekend, and it’s targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet came to life on Saturday, February 3, and is targeting port 5555, which on devices running the Android OS is the port used by the operating system’s native Android Debug Bridge (ADB), a debugging...

Read More


Malicious Chrome Extensions Found in Chrome Web Store [source: trendmicro]

The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affect hundreds of thousands of users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains...

Read More


Smominru Botnet Infected Over 500,000 Windows Machines [source: bleepingcomputer]

Over 526,000 Windows computers —mainly Windows servers— have been infected with Monero mining software by a group that operates the biggest such botnet known to date. This group’s operations have been known to security researchers since last year, and various companies have published reports on its activity. Because the botnet is so massive and widespread, most previous reports covered only a fraction of the group’s...

Read More


The future of smartphone security: Hardware isolation [source: helpnetsecurity]

Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they queried, 100% had experienced a mobile malware attack at least once in the past. To date, most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against these threats....

Read More


Page 32 of 62« First...1020...3031323334...405060...Last »