Critical WordPress plugin vulnerability allows spam content on your website

If you installed ‘Display Widgets’ plugin on your WordPress website, remove it immediately because the plugin includes malicious code to publish spam content on WP websites. Read more about the WordPress plugin vulnerability.   Security firm Wordfence researchers have discovered a serious vulnerability in popular WordPress plugin, called ‘Display Widgets’, that allows the author of the plugin to publish any content...

501 total views, 6 views today


Critical vulnerability in Jaxx cryptocurrency wallet app allows takeover of accounts

Cryptocurrency, or digital currency, is really really popular nowadays. Bitcoins are like modern equivalent of cash and, every day another merchant starts accepting them as payment.  While Bitcoin is the most well-known cryptocurrency, it is not the only one.  There are some 700 alternate cryptocurrencies such as Ethereum, Monero, Litecoin or Dash. Just like bank accounts where you keep your money,...

3,496 total views, 24 views today


New ‘hover link’ method used to spread malware via PowerPoint files

Since macros are an appropriate way to automate some common tasks in Microsoft Office, sometimes cyber criminals prefer to use macros to download malicious software and infect computers. However, in recent versions of Microsoft Office, macros are disabled by default, which means cyber criminals need to convince you to turn on macros or grant special privilages so that the malware can...

1,375 total views, 13 views today


Over 250 million computers infected with dangerous Fireball malware worldwide

  Checkpoint security researchers have discovered a new and dangerous malware, called Fireball, that hijacks and manipulates infected users’ web traffic to perform malicious actions. Although the dangerous Fireball ransomware is currently being used to generate ad-revenue for a large digital marketing agency in Beijing, it is capable of executing any malicious code on victim machines in order to steal user...

932 total views, 12 views today


Major credit card breach at Kmart stores, check your bank accounts!

For the second time in three years, Kmart Stores has been hit by a malware-based credit card breach. It has been revealed that cyber criminals infected Kmart Store payment data systems with a malicious code and managed to compromise certain credit card numbers. According to Kmart’s announcement, no personal information (such as names, addresses, social security numbers etc) was obtained. It...

1,211 total views, 10 views today


OneLogin hacked, change your password!

  OneLogin Inc, the US-based password and identity management software company, has confirmed that a malicious actor has managed to illegally access OneLogin data. It has been announced that all customers served by company’s US data center are affected and the database tables accessed included information about users (customer data), apps, and various types of keys. It is also reported on OneLogin support...

1,018 total views, 10 views today


Critical Google Chrome vulnerability could expose your passwords, how to protect yourself

A serious vulnerability has been discovered in Google’s Chrome web browser that could allow hackers to steal victim’s Microsoft service passwords and Windows login credentials remotely. Luckily, some workarounds exist to prevent the issue until Google releases a security update. The vulnerability exist in the way Chrome downloads files in it’s default configuration. Latest version of the popular web browser downloads files automatically...

1,131 total views, 10 views today


Database containing 560 million passwords discovered

Security researchers from Kromtech Security Research Center have discovered a massive database that contains more than 560 million email addresses and passwords collected from different sources. The database is 75+ gigabytes in size. It is also reported that this database contains structured email address-password data in readable json format (Javascript Object Notation – simply a way to store information in an...

1,055 total views, 10 views today


Bell Canada hacked, 1.9 million account details illegally accessed

Bell, Canada’s largest communications company has confirmed on Monday that an anonymous hacker has managed to illegally access Bell customer information. It has been announced that the data accessed included approximately 1.9 million customer’s active email addresses and 1.700 customer’s names and active phone numbers. Luckily, any financial data, password information or other type of sensitive data were not accesses, according to Bell...

1,322 total views, 12 views today


United Airlines cockpit door access codes accidentally posted online

United Continental Holdings Inc, the company that owns United Airlines and United Express, sent out an alert email to employees on Saturday about a breach in cockpit-door security procedures after a flight attendant mistakenly posted some information (including access codes) on a public website, Wall Street Journal reported. On some commercial aircraft, there is a keypad next to the flight deck door...

927 total views, 13 views today


WannaCry, the largest ransomware-spread campaign to date!

If you think that updating operating systems is not necessary, think again! Within the scope of the largest ransomware-spread campaign to date, more than 223.000 computers across 99 countries worldwide (including United States, Russia, India, Germany, Africa, Philippines, China …) have been infected. Here is the story behind the WannaCry ransomware and protection methods… On May 12th, National Cryptological Center of Spain...

1,040 total views, 15 views today


Multiple vulnerabilities found in Asus RT routers, update needed

Changing default credentials is one of the most important security precautions. And the latest Asus wireless router vulnerability is just another example that shows why you need to change it. Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to experts, recent vulnerabilities allows malicious sites to login and change the router settings, exfiltrate router...

799 total views, 10 views today


New OpenBSD vulnerability allows man-in-the-middle (MitM) attack

OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching. Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s...

1,250 total views, 14 views today


A dangerous Android banking trojan discovered that targets 22 Turkish mobile banking apps

ESET researchers have discovered a dangerous Android banking trojan that masquerades as a weather forecast application on Google Play. The malware, dubbed Trojan.Android/Spy.Banker.HU, targeted the users of 22 Turkish mobile banking apps, whose credentials were harvested using fake login forms. Banking trojans are sophisticated piece of malware which designed to steal banking information by using message interception, form grabbing, keystroke logging, screen capturing, fake login...

1,171 total views, 10 views today


Filecoder.E: The new macOS-targeting ransomware distributed through Torrent websites

Experts from antivirus firm Eset have discovered a new ransomware variant, called OSX/Filecoder.E, that targets Macintosh users. It’s not the first time Mac-targeting ransomware has been detected by security researchers. In 2014, Kaspersky Labs discovered OSX.FileCoder.a ransomware, though it wasn’t complete at the time. And the next one, OSX.KeRanger was discovered in 2016 by Palo Alto researchers. The new Filecoder ransomware, designed...

1,071 total views, 12 views today


A new denial-of-service (DoS) vulnerability was discovered in BIND DNS, updates available

A serious vulnerability was discovered in multiple versions of BIND DNS software that allows a remote attacker to conduct denial-of-service (DoS) attack. BIND is the most widely used Domain Name System (DNS) on the internet that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. On Unix-like operating systems it...

1,203 total views, 12 views today


European Banks targeted by new version of ‘SmsSecurity’ Android malware

In 2014, Trend Micro discovered a cybercriminal operation, called ‘Operation Emmental’, that uses malicious apps to intercept SMS messages and hijack victim’s banking session. They uncovered that the malicious applications were posing as a banking application that supposedly generates one-time passwords (OTPs) in order to trick victims. These fake OTP generators were named as ‘SmsSecurity’. Two years later, Trend Micro researchers...

1,417 total views, 10 views today


New CryptoLuck ransomware infects victims through legitimate GoogleUpdate.exe application and DLL hijacking

A Proofpoint security researcher has discovered a new ransomware, called CryptoLuck, that infects target computers through the legitimate GoogleUpdate.exe executable and DLL hijacking. According to security researcher and exploit kit expert ‘Kafeine‘, CryptoLuck ransomware has been spotted being distributed via RIG-E exploit kit after redirection from compromised websites and malvertising. While Kafeine only specifically saw this sample through advertising in the Adult web site...

1,428 total views, 8 views today


Cisco ASR 5000 series router vulnerability allows remote attackers to cause DoS

A  vulnerability was reported in Cisco ASR 5000 and 5500 series routers that allows an unauthenticated remote attacker to conduct denial of service (DoS) attack by sending specially crafted Internet Key Exchange (IKE) messages. Cisco ASR 5000/5500 series routers are popular devices that provide single Multimedia Core Platform for common services across Wi-Fi, 3G, 4G packet core and small cells. These devices also uses...

1,931 total views, 56 views today