Latest News

2019/11/20

‘Windows Update’ Installs Cyborg Ransomware

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants.

The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers unveiled in a blog post on Tuesday. For instance, the attached file purports to be in .jpg format, even though it opens an .exe file.
2019/11/13

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

While the company didn’t specify what kinds of potential attacks that websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.
2019/11/13

Adobe Patches Critical Bugs in Illustrator, Media Encoder

Adobe Systems is warning Illustrator 2019 users that two critical memory-corruption vulnerabilities could allow for an attacker to remotely connect to a Windows machine, execute code and gain control of the targeted system.

The create-suite behemoth also warned Tuesday, as part of its regular monthly patch advisories, that its Windows and macOS versions of its Adobe Media Encoder also have a critical vulnerability tied to an out-of-bounds write flaw.
2019/11/04

Exclusive: Government officials around the globe targeted for hacking through WhatsApp - sources

WASHINGTON (Reuters) - Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s (FB.O) WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.
2019/11/04

Google Discloses Chrome Flaw Exploited in the Wild

Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers.

The flaw (CVE-2019-13720), discovered by security researchers Anton Ivanov and Alexey Kulaev at Kaspersky, exists in Google Chrome’s audio component. Google is urging users to update to the latest version of Chrome, 78.0.3904.87 (for Windows, Mac, and Linux) as it rolls out over the coming days.

“This [updated] version addresses vulnerabilities that an attacker could exploit to take control of an affected system,” according to a Thursday Cybersecurity and Infrastructure Security Agency (CISA) alert. “One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild.”