Discovered News, Articles and Updates

IoT botnet actively exploiting Drupal CMS bug

Botnet uses compromised systems to spread infection. Security researchers have discovered a large botnet that is using a severe flaw in the Drupal CMS in order to infect other systems.

RSA: New spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an APT group allegedly with ties to Hamas.

Now your brain can be hacked to kill you; neurostimulator implants at risk

Academic researchers have discovered that brain implants, known as neurostimulators, can be hacked and could prevent patients from "speaking or moving, cause irreversible damage to his brain, or even worse, be life-threatening".

OceanLotus hacker group launches malicious MacOS backdoor

Researchers at Trend Micro have discovered how the hacker group OceanLotus, which is also known in cyber-security as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, is using a new backdoor to target MacOS computers.

Android Trojan steals data from Facebook, Skype, and Twitter messenger apps

Other instant messaging apps also targeted by malware. Researchers have discovered a new type of Android malware that steals data from instant messaging apps on Android devices.

New Sanny info-stealer campaign features targets US government agencies

Researchers this month discovered a new spear phishing campaign targeting US government agencies with an evolved version of Sanny malware, a 5-year-old information-stealer that now features a multi-stage infection process.

GhostMiner uses fileless technique to mine coins

Security researchers have discovered a new form of cryptocurrency miner that uses fileless malware to install itself on systems. The malware also removes other miners.

Github announces 4 million vulnerabilities patched in 500,000 repositories

Github announced the discovery of more than four million vulnerabilities located in 500,000 plus repositories. In 2017, the code sharing site started vulnerability scanning for known Common Vulnerabilities and Exposures.

New Fakebank malware variant intercepts calls on Android smartphones

Malware active in South Korea, redirects calls to scammers. Security researchers have discovered a new variant of the Fakebank malware.

'Kill switch' counters the memcached vulnerability

A newly discovered "kill switch" effectively counters the memcached vulnerability that led recently to massive DDoS attacks at specific targets including national security agencies, reports Corero Network Security.

Malware steals payments, cryptocurrency by modifying clipboard saved info

Researchers have discovered a new malware that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.

Browser stored personal information there for the taking: Report

Researchers have found that browsers like Chrome and Firefox store a great deal of visitor information, much of which can be easily discovered and taken by cyber-criminals.

Old version of HPE Lights-Out server management contains DoS vulnerability

Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a DoS condition.

RedDrop malware runs up big bills on Android smartphones and spies on users

Researchers warn that malware could be used to blackmail users. New malware has been discovered that could eavesdrop on Android smartphone users and run up huge bills.

Hackers could obfuscate malware through code signing and SSL certificates

Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

New Word malware attacks infect systems without using macros

Security researchers have discovered a new email spam campaign that tries to get users to open up Word document attachments that downloads a password stealer as its final payload.

Olympics Malware attack may have been part of larger cyber-espionage scheme

Researchers discovered new details in the "Olympic Destroyer" malware which targeted the Winter Olympics in Pyeongchang, shedding more light on the malware's intentions and background information on the attack.

Pair of WordPress plug-ins inject malicious scripts to deliver unwanted ads

Two malicious plug-ins were recently discovered injecting obfuscated JavaScript into WordPress websites to generate advertisements that appear if a visitor clicks anywhere on the page.

Serious DoS flaw spotted in WordPress platform - affects most versions

Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.

New MacOS malware steals bank log-in details and intellectual property

Security researchers have discovered a new, invasive OSX.Pirrit adware variant targeting Mac OS X that enables cyber-criminals to take full control of a user's Mac computer.