A newly revealed side-channel attack can leak encrypted data from Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture. Dubbed PortSmash and tracked as CVE-2018-5407, the vulnerability affects all CPUs that rely on SMT, including Intel’s Hyper-Threading architectures. By exploiting the vulnerability, an attacker could extract sensitive data such as encryption keys from a computer’s […]
Thousands of projects are possibly impacted by a jQuery File Upload plugin vulnerability that has been actively exploited in the wild, a security researcher has discovered. Tracked as CVE-2018-9206, the security bug impacts older versions of the plugin as well, going all the way back to 2010, Akamai researcher Larry Cashdollar found out. At the […]
A serious vulnerability in the LIVE555 Streaming Media RTSP server affects popular applications, including VLC, MPlayer and others, Cisco Talos has discovered. Developed by Live Networks, Inc, LIVE555 Streaming Media represents a set of open-source C++ libraries meant for multimedia streaming. The libraries provide support for open standards used in streaming, but can also be […]
The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week. California-based Branch.io provides customers with solutions that help create deep links for referral systems, invitations, and sharing links for attribution and analytics purposes. The service is used by many popular web platforms, including […]
Facebook has shared another update on the hacker attack disclosed last week. The social media giant says there is no evidence that the attackers accessed any third-party apps. Facebook revealed on September 28 that it had reset the access tokens for 90 million accounts, including 50 million that were directly impacted and 40 million deemed […]
Fileless malware attacks, or incidents where the malicious payload doesn’t touch the disk, but is executed directly in memory instead, are on the rise, Microsoft says. Attacks that leverage fileless techniques are not new, but were recently adopted by a broader range of malware. A couple of years ago, the Kovter Trojan was well known […]
Twitter on Monday announced that it has made some changes in preparation for the upcoming midterm elections in the United States. The changes include updated rules that target fake accounts and hackers. Social media companies have been criticized for allowing their platforms to be abused for influence campaigns ahead of the 2016 presidential election in […]
The takedowns of AlphaBay and Hansa in 2017 by law enforcement gave rise to much speculation about the future of dark web marketplaces. As I’ve discussed before, an environment of fear and mistrust are driving the cybercriminal community to incorporate alternative technologies to improve security and remain below the radar as they conduct illicit business […]
A new rootkit that has been distributed via the RIG exploit kit over the past few weeks can manipulate web browsers and also contains sophisticated defense mechanisms, Check Point says. Dubbed CEIDPageLock, the malware was initially discovered a few months ago, when it was attempting to modify the homepage of a victim’s browser. The rootkit […]
A newly detailed Android spyware that has an incredibly wide-ranging protocol has been active since May 2016, Kaspersky Lab warns. Dubbed BusyGasper, the malware includes device sensors listeners (such as motion detectors), can exfiltrate data from messaging applications (WhatsApp, Viber, Facebook), includes keylogging capabilities, and supports 100 commands. Featuring a multicomponent architecture, the malware can […]
