Samba maintainers have just released new versions of their networking software to patch two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users’ passwords, including admin’s.
Samba is open-source software (a re-implementation of the SMB networking protocol) that runs on the majority of operating systems available today, including Windows, Linux, UNIX, IBM System 390, and OpenVMS.
A massive malware outbreak that last week infected nearly half a million computers with cryptocurrency mining malware in just a few hours was caused by a backdoored version of a popular BitTorrent client called MediaGet.
Dubbed Dofoil (also known as Smoke Loader), the malware was found dropping a cryptocurrency miner as its payload on infected Windows computers; the miner uses victims’ CPU cycles to mine Electroneum digital coins for the attackers.
Kaspersky Lab researchers have uncovered a sophisticated threat used for cyber-espionage in the Middle East and Africa from at least 2012 until February 2018. The malware, which researchers have called ‘Slingshot’, attacks and infects victims through compromised routers and can run in kernel mode, giving it complete control over victim devices.
According to researchers, many of the techniques used by this threat actor are unique and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept without trace from everyday communications.
A critical vulnerability has been discovered in the Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code.
The CredSSP protocol is designed to be used by RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM); it takes care of securely forwarding encrypted credentials from the Windows client to the target servers for remote authentication.
Kali Linux, a penetration testing app from Offensive Security, became available in the Microsoft Store on Monday.
Kali Linux Security App Lands in Microsoft Store
A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison.
Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore, to hackers for $25.
Web application firewalls (WAFs) are an additional security layer that can be deployed to filter inbound traffic to web servers for malicious payloads and are a great defence when used as part of a secure system lifecycle.
Bitmessage developers have warned of a critical ‘remotely executable’ zero-day vulnerability in the PyBitmessage application that was being exploited in the wild.
Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. Since it is a decentralized and trustless communications protocol, one need not inherently trust any entities like root certificate authorities.
For those unaware, PyBitmessage is the official client for the Bitmessage messaging service.
If you own a Mac computer and run the latest version of Apple’s operating system, macOS High Sierra, then you need to be extra careful with your computer.
A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk.