/ Security News /

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with “medium-to-low level of confidence” based on the history of compromised victims—spread via an initial …

/ Security News /

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims’ knowledge. Called “SurfingAttack,” the attack leverages the unique properties of acoustic transmission in solid materials — such as tables — to “enable multiple …

/ Security News /

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed ‘Light Commands,’ the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that …

Recommended best practices for mitigating this threat include rigorous credential and privileged-access management, as well as remote-access control, and audits of legitimate remote-access logs. While these measures aim to prevent the initial attack vectors and the spread of malicious activity, there is no single proven threat response. Using a defense-in-depth strategy is likely to increase …

/ Security News /

Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server. Discovered by researchers at RIPS Technologies GmbH, the “authenticated arbitrary file deletion” vulnerability was reported 7 months ago to the WordPress security team …

/ Security News /

Shortly after Cisco’s released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over …

/ Security News /

If you have installed world’s most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible. Google’s security researcher at Project Zero discovered a serious remote code execution vulnerability in both the ‘μTorrent desktop app for Windows’ and newly launched ‘μTorrent Web’ that allows users to download …

/ Security News /

A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users’ computers and take control of them. The vulnerability has been uncovered by Google’s Project Zero vulnerability reporting team, and one of its researchers Tavis Ormandy has also posted a proof-of-concept …

/ Security News /

It’s been a terrible new-year-starting for Intel. Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally. As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware …

/ Security News /

Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data. In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices. Now, …