A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers’ credentials including usernames, passwords, and pin codes, according to researchers. The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish bank. The banks in question have now all updated their apps to protect against the flaw. Uncovered by researchers in the Security and Privacy Group...
Read More
Researchers have discovered a method that hackers could use to stealthily exfiltrate data from air-gapped industrial networks by manipulating the radio frequency (RF) signal emitted by programmable logic controllers (PLCs). Attackers may be able to plant a piece of malware on an isolated network, including via compromised update mechanisms or infected USB drives, but using that malware to send valuable data outside the organization poses...
Read More
Today, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called “Process Doppelgänging.” This new attack works on all Windows versions and researchers say it bypasses most of today’s major security products. Process Doppelgänging is somewhat similar to another technique called Process Hollowing, but with a twist, as it utilizes...
Read More
A WordPress malware campaign that recently picked up steam last month is now using nulled (pirated) premium themes to infect new victims. According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms. This particular malware — wp-vcd — works...
Read More
Microsoft issued an emergency Windows Security Update to address a critical flaw, tracked as CVE-2017-11937, that affects the Malware Protection Engine. Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, that affects the Malware Protection Engine (MPE). The emergency fix comes a few days before Microsoft is scheduled to roll out its December Patch Tuesday updates. The critical RCE flaw could be exploited by an...
Read More
