Chimera ransomware encrypts files and publishes sensitive data on the internet

The message states in German: “You are victim of the Chimera malware. Your private files are encrypted and can not be restored without a special key file. Some applications may not function properly.  Please transfer Bitcoins to the following address to get your unique key file…”   A new type of ransomware named “Chimera” has been discovered which is targeting companies...

2,410 total views, no views today


Multiple vulnerabilities in ASUS RT-G32 router allows arbitrary code injection.

Affected products / software : ASUS RT-G32 routers with firmware and . Vulnerability overview : Cross-site scripting and cross-site request forgery vulnerabilities in the ASUS RT-G32 routers with firmware and allows remote attackers to inject arbitrary web script or HTML and change device settings including admin password. Solution / patch info / workaround : Firmware update available on...

2,097 total views, no views today


Foreign VPN service unavailable since an upgrade of China’s Great Firewall

Cyber security analysts on Thursday defended China’s Internet management after an overseas VPN (virtual private network) company on Wednesday announced some of its users in China have been unable to use the service since an upgrade of the Great Firewall, China’s Internet infrastructure. Cyber services should observe the network governance of the country for safety, analysts urged. Astrill claimed in a...

3,288 total views, no views today


Critical vulnerability in vBulletin SEO extension allows remote command execution

vBSEO is a useful and widely used Search Engine Optimization (SEO) extension for the popular internet forum software package vBulletin. A critical ‘unauthenticated script injection’ vulnerability has been found in vBSEO which may lead to a full remote command execution on affected systems. An attacker can exploit the vulnerability to inject malicious code or to take down affected websites. The full command execution...

3,817 total views, 3 views today


Critical privilege escalation vulnerability found in Windows 8.1

A critical security flaw has been found in Windows 8.1 which may allow an attacker to get administrator privileges on any system. All Windows 8.1 systems seems vulnerable. Google researcher (named forshaw) who found and reported the security flaw has also posted a PoC which demonstrates the vulnerability and has been tested on Windows 8.1 update, both 32 bit and 64 bit...

2,325 total views, 2 views today


Twitter login lets other people read and send your private direct messages

The mechanism that lets you use your Twitter account to log in to websites and mobile apps allows those third parties read your private direct messages and send them too, according to Rishi Lakhani, a search marketing consultant. Although the login is designed that way by Twitter — it’s not a flaw, it’s a feature! — most Twitter users have no...

5,574 total views, no views today


Apple releases security update for critical vulnerability in OS X

  Apple has issued an important security update to address a critical security issue with OS X’s Network Time Protocol (NTP) service. Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. Current vulnerability allows an attacker to overflow several buffers by crafting special packets which may allow arbitrary malicious code to be executed...

1,865 total views, no views today


12 million home and business routers vulnerable to critical ‘Misfortune Cookie’ vulnerability.

A critical vulnerability present on millions of routers in homes and businesses allows attackers to remotely take over the device with administrative privileges and remotely monitor users’ traffic. The  vulnerability, which is dubbed as ‘Misfotune Cookie’ (identified as CVE-2014-9222) affects more than 12 million router devices from different models and brands around the world. Also if your small office/home office (SOHO) router is vulnerable, then attackers...

2,953 total views, no views today


The FBI used Metasploit to unmask TOR users

The Tor network has been getting a lot of attention lately and one of the most frequent questions people ask is, “Is it less anonymous than we think?” Multiple ways of unmasking Tor network users revealed recently such as exploiting a Firefox vulnerability or analysing Cisco’s ‘Netflow’ data. And according to ‘Wired’ report, one of them called “Decloaking Engine”  is used by FBI to help...

6,370 total views, no views today


New WordPress vulnerability gives admin rights to attackers, 90 percent of the WordPress sites affected.

WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL which is being used by millions of websites  ( 23,3% of all the websites ). A dangerous XSS vulnerability has been found in WordPress versions prior to 4.0.  The critical XSS vulnerability even allows an attacker to gain full administrative control of the vulnerable...

3,985 total views, no views today


POODLE returned! Now affecting TLS protocol and likely to hit some of the most popular websites

The serious POODLE vulnerability which affected millions of web sites returned and the new variant is likely to affect some of the most popular web sites in the world. Before sharing the details about newly announced threat, let’s remember the POODLE vulnerability. About two months ago, Google published a paper about a serious vulnerability called POODLE, which stands for “Padding Oracle On Downgraded...

2,902 total views, no views today


Facebook vulnerability allows reading of local files on Facebook’s servers.

Josip Franjković , an Information Technologies student found and reported a vulnerability in Facebook which allows reading of local files on Facebook’s servers.  Facebook’s security team fixed the vulnerability in 10 hours after Josip reported.  The vulnerable part of Facebook which contained the arbitrary local file read bug was ‘Facebook Careers‘ resume uploader. Resume uploader is located on the page which appears after...

3,424 total views, no views today


New POS malware attacks Mass Transit Systems, targets Ticket Machines and Electronic Kiosks

A POS malware usually targets Point-Of-Sale systems because they become readily available to small and mid-sized businesses and modern POS systems are tied to a business’s payment processing, inventory, and customer relationship management (CRM) functions. But a cyber threat intelligence firm from Los Angeles, IntelCrawler, has identified a new type of Point-of-Sale malware which also hits Mass transit Systems and makes possible the leak of payment data...

2,271 total views, no views today


Automakers aim to drive away car computer hackers

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that — given time — they would be able to pop the trunk and start the windshield wipers, cut the brakes or lock them up, and even kill the engine. Their motives were not malicious. These hackers worked on behalf of the...

1,552 total views, no views today


Dirtbox devices on spy planes used to target criminals, but also collecting data from thousands of other phones

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five...

1,572 total views, no views today


Swedish hacker finds ‘serious’ vulnerability in Apple’s OS X Yosemite

A white-hat hacker from Sweden says he’s found a serious security hole in Apple’s Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability “rootpipe” and has explained how he found it and how you can protect against it. It’s a so-called privilege escalation vulnerability,...

1,674 total views, no views today


White House computer network hacked

White House computer network was hit by hackers, resulting in a series of outages and connectivity issues, a White House official said Tuesday. The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for awhile, but the email system, apart from some minor delays, was...

1,531 total views, no views today


Windows hit by new 0-day attack.It’s exploited via malicious PowerPoint documents.

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”. The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files...

1,854 total views, no views today


MasterCard with a built-in fingerprint scanner is coming in 2015

  MasterCard partnered with Zwipe to create the world’s first credit card that combines biometric authentication and contactless payment technology. Financial institution Sparebanken DIN of Norway conducted a live pilot of the Zwipe MasterCard over the last few months. For security purposes, the fingerprints of the user are stored in the Zwipe MasterCard instead of an external database. The biometric authentication technology...

3,610 total views, no views today


Drupal releases patch for severe SQL injection vulnerability, which allows attackers to gain full control of the database

  AFFECTED PLATFORM:       All of  the Drupal 7.x  releases prior to 7.32 are affected. PATCH/FIX:       Fixed in the latest version, Drupal 7.32.  A  patch also available if you are unable to update to Drupal 7.32 .  (Please see details below)   Drupal is a free and open-source content-management framework written in PHP and distributed under the GNU General...

1,503 total views, no views today