Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. “This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the...
Read More
A new research has yielded yet another means to pilfer sensitive data by exploiting what’s the first “on-chip, cross-core” side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated...
Read More
Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by ClĂ©ment Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. According to the update notes posted...
Read More
Microsoft has released emergency out-of-band security updates thataddress four zero-day issues (CVE-2021-26855, CVE-2021-26857,CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchangeversions that are actively exploited in the wild. Researchers at the MS Exchange Server team have released a script thatcould be used by administrators to check if their installs arevulnerable to the recently disclosed vulnerabilities. Microsoft released the tool as open-source on GitHub, it can be...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in SolarWinds Orion andServU-FTP, the most severe of which could allow for remote code execution. * SolarWinds Orion provides centralized monitoring across anorganization’s entire IT stack.* ServU-FTP is a multi-protocol file server capable of sending andreceiving files from other networked computers through various means. Successful exploitation of the most severe of these vulnerabilitiescould result in remote code execution that allows...
Read More
