/ Security News /

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a …

/ Security News /

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed BlueKeep, in its Windows …

/ Security News /

Cybersecurity researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily. Dubbed Skip-2.0, the backdoor malware is a post-exploitation tool that runs in the memory and lets remote attackers connect to any account on the server running …

/ Security News /

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world’s most widely used mobile operating system, Android. What’s more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, …

/ Security News /

Cybersecurity researchers have uncovered a new piece of mobile surveillance malware believed to be developed by a Russian defense contractor that has been sanctioned for interfering with the 2016 U.S. presidential election. Dubbed Monokle, the mobile remote-access trojan has been actively targeting Android phones since at least March 2016 and is primarily being used in …

/ Security News /

You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, …

/ Security News /

It’s not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a …

/ Security News /

Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax, the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also …

/ Security News /

Hacker himself got hacked. It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned. Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest credentials from a variety of popular web browsers, FTP, poker …

/ Security News /

Another reason to uninstall Adobe Flash Player—a new zero-day Flash Player exploit has reportedly been spotted in the wild by North Korean hackers. South Korea’s Computer Emergency Response Team (KR-CERT) issued an alert Wednesday for a new Flash Player zero-day vulnerability that’s being actively exploited in the wild by North Korean hackers to target Windows …