/ Security News /

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government’s …

/ Security News /

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches …

/ Security News /

Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft’s IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of …

/ Security News /

What could be more horrifying than knowing that a hacker can trick the plane’s electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about …

/ Security News /

Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at least 2017 and designed to steal users’ sensitive information like their …

/ Security News /

In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at least one thing in common? That’s OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on …

/ Security News /

If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google …

/ Security News /

A bug hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of …

/ Security News /

The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making the sound incident response a required capability in any organization’s security stack. To assist in this critical mission, Cynet is launching a free IR tool …

/ Security News /

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, …