Category Archives : News

Home  >>  News

New CVE-2018-8373 Exploit Spotted

On Październik 28, 2018, Posted by , In News, By ,,,,, , With Możliwość komentowania New CVE-2018-8373 Exploit Spotted została wyłączona

On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit that uses the same vulnerability.  It’s important to note that this exploit doesn’t work on…

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

On Październik 28, 2018, Posted by , In News, By ,,, , With Możliwość komentowania LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group została wyłączona

ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe Read more: https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

My phone is spying on me, so I decided to spy on it

On Październik 28, 2018, Posted by , In News, By ,,,, , With Możliwość komentowania My phone is spying on me, so I decided to spy on it została wyłączona

If your phone is turned on and has signal, it can be communicating — whether you’ve asked it to or not — with a wide variety of companies, many of which you won’t have any direct relationship with. And yes, this can happen even when you’re not using it. Read…

Windows 10 October 2018 Update is deleting user data — here’s how to protect yourself

On Październik 25, 2018, Posted by , In News, By ,,, , With Możliwość komentowania Windows 10 October 2018 Update is deleting user data — here’s how to protect yourself została wyłączona

Microsoft’s latest version of Windows 10 appears to be wiping out users’ data. If you’re planning to upgrade, remember to create a full backup before proceeding. Just in case. The Window 10 October 2018 Update (version 1809) is now available for download, but along with the new features and improvements,…

Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks

On Październik 25, 2018, Posted by , In News, By ,, , With Możliwość komentowania Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks została wyłączona

Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks. Read more: https://www.zdnet.com/article/gigantic-100000-strong-botnet-used-to-hijack-traffic-meant-for-brazilian-banks/

Investigating Implausible Bloomberg Supermicro Stories

On Październik 25, 2018, Posted by , In News, By ,,,, , With Możliwość komentowania Investigating Implausible Bloomberg Supermicro Stories została wyłączona

Today we are going to more thoroughly address the Bloomberg Businessweek article alleging that China targeted 30 companies by inserting chips in the manufacturing process of Supermicro servers. Despite denials from named companies and the technology press casting some reasonable doubt on the story, Bloomberg doubled down and posted a…

CVE-2018–8414: A Case Study in Responsible Disclosure

On Październik 25, 2018, Posted by , In News, By ,,,, , With Możliwość komentowania CVE-2018–8414: A Case Study in Responsible Disclosure została wyłączona

The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly. Read more: https://posts.specterops.io/cve-2018-8414-a-case-study-in-responsible-disclosure-ff74c39615ba

$50 million settlement in Yahoo security breach

On Październik 25, 2018, Posted by , In News, By , , With Możliwość komentowania $50 million settlement in Yahoo security breach została wyłączona

Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. Read more: https://www.sfgate.com/business/article/50-million-settlement-in-Yahoo-security-breach-13330628.php

Attention PGP Users: New Vulnerabilities Require You To Take Action Now

On Maj 14, 2018, Posted by , In News, By ,, , With Możliwość komentowania Attention PGP Users: New Vulnerabilities Require You To Take Action Now została wyłączona

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the…

Twitter says bug exposed user plaintext passwords

On Maj 4, 2018, Posted by , In News, By ,, , With Możliwość komentowania Twitter says bug exposed user plaintext passwords została wyłączona

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach…