Recent Comments

    Blogroll

    Search

    Archive for Malware

    Your Exchange Server Hacked? Not by Brian Krebs!!

    March 29th, 2021 by

    No, I Did Not Hack Your MS Exchange Server

    “New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.”

    Posted in Identity Theft, Malware, Security Breeches | No Comments »

    New Chrome Zero Day Flaw

    March 16th, 2021 by

    Google Warns Mac, Windows Users of Chrome Zero-Day Flaw

    “The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.

    Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems.

    The vulnerability exists in Blink, the browser engine for Chrome developed as part of the Chromium project. Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users.”

    Posted in Identity Theft, Malware, Patches, Security Breeches | No Comments »

    Are you using a “free” VPN? Be careful!

    March 15th, 2021 by

    21 million free VPN users’ data exposed

    “Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPN apps—SuperVPN, GeckoVPN, and ChatVPN.”

    Posted in Identity Theft, Malware | No Comments »

    Multiple Security Updates Released for Exchange Server

    March 6th, 2021 by

    Multiple Security Updates Released for Exchange Server – updated March 5, 2021
    (Updated March 5, 2021)

    “Today we are releasing several security updates for Microsoft Exchange Server to address vulnerabilities that have been used in limited targeted attacks. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem. “

    Posted in Identity Theft, Malware, Security Breeches | No Comments »

    New Checkout Skimmers Need no Power

    February 24th, 2021 by

    Checkout Skimmers Powered by Chip Cards

    “Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.”

    Posted in Identity Theft, Malware | No Comments »

    Google Chrome Zero-Day Vulnerability

    February 6th, 2021 by

    Google Chrome Zero-Day Afflicts Windows, Mac Users

    Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers.

    A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw (CVE-2021-21148) stems from a heap-buffer overflow, said Google.

    Posted in Malware, Patches | No Comments »

    SonicWall Breach

    January 28th, 2021 by

    SonicWall Breach Stems from ‘Probable’ Zero-Days

    Posted January 25, 2021:

    “SonicWall is investigating “probable” zero-day flaws in its remote access security products that have been targeted by “highly-sophisticated” attackers. The company says it is investigating the attack and will update customers within 24 hours.”

    Posted in Identity Theft, Malware, Security Breeches | No Comments »

    Attackers can hijack DNS on millions of devices

    January 20th, 2021 by

    DNSpooq bugs let attackers hijack DNS on millions of devices

    “Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices.

    Dnsmasq is a popular and open-source Domain Name System (DNS) forwarding software regularly used that adds DNS caching and Dynamic Host Configuration Protocol (DHCP) server capabilities to Internet-of-Things (IoT) and various other embedded devices.”

    Posted in Malware, Network, Security Breeches | No Comments »

    iPhones of 36 journalists hacked

    December 23rd, 2020 by

    Zero-click iMessage zero-day used to hack the iPhones of 36 journalists

    “Three dozen journalists had their iPhones hacked in July and August using what at the time was an iMessage zero-day exploit that didn’t require the victims to take any action to be infected, researchers said.”

    Posted in Identity Theft, Malware | No Comments »

    SolarWinds Security Advisory

    December 15th, 2020 by

    SolarWinds hit by FireEye attack.

    “We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack.”

    Posted in Malware, Security Breeches | No Comments »

    « Previous Entries