Microsoft Won't Patch a Severe Skype Vulnerability Anytime Soon

Source: The Hacking News
A serious vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could potentially allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user.

The worst part is that this vulnerability will not be patched by Microsoft anytime soon.

It’s not because the flaw is


Microsoft Won't Patch a Severe Skype Vulnerability Anytime Soon
Microsoft Won't Patch a Severe Skype Vulnerability Anytime Soon
The Hacking News
{$excerpt:n}

Uncategorized

Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities

Source: The Hacking News
Microsoft’s Patch Tuesday for this month falls the day before the most romantic day of the year.

Yes, it’s Valentine’s, and the tech giant has released its monthly security update for February 2018, addressing a total of 50 CVE-listed vulnerabilities in its Windows operating system, Microsoft Office, web browsers and other products.

Fourteen of the security updates are listed as critical, 34


Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
The Hacking News
{$excerpt:n}

Uncategorized

Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware

Source: The Hacking News
A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram


Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware
Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware
The Hacking News
{$excerpt:n}

Uncategorized

PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

Source: The Hacking News
The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday.

The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center,


PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack
PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack
The Hacking News
{$excerpt:n}

Uncategorized

Thousands of Government Websites Hacked to Mine Cryptocurrencies

Source: The Hacking News
There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies.

Thousands of government websites around the world have been found infected with a specific script that secretly forces visitors’ computers to mine


Thousands of Government Websites Hacked to Mine Cryptocurrencies
Thousands of Government Websites Hacked to Mine Cryptocurrencies
The Hacking News
{$excerpt:n}

Uncategorized

BootStomp – Find Android Bootloader Vulnerabilities

BootStomp – Find Android Bootloader Vulnerabilities

BootStomp is a Python-based tool, with Docker support that helps you find two different classes of Android bootloader vulnerabilities and bugs. It looks for memory corruption and state storage vulnerabilities.

Note that BootStomp works with boot-loaders compiled for ARM architectures (32 and 64 bits both) and that results might slightly vary depending on angr and Z3’s versions. This is because of the time angr takes to analyze basic blocks and to Z3’s expression concretization results.

Read the rest of BootStomp – Find Android Bootloader Vulnerabilities now! Only available at Darknet.

Source: Darknet

Uncategorized

Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins

Source: The Hacking News
Two days ago when infosec bods claimed to have uncovered what’s believed to be the first case of a SCADA network (a water utility) infected with cryptocurrency-mining malware, a batch of journalists accused other authors of making fear-mongering headlines, taunting that the next headline could be about cryptocurrency-miner detected in a nuclear plant.

It seems that now they have to run a


Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins
Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins
The Hacking News
{$excerpt:n}

Uncategorized

Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018

Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018

Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68. It’s a pretty strong move, but Google and the Internet, in general, has been moving in this direction for a while.

It started with suggestions, then forced SSL on all sites behind logins, then mixed-content warnings, then showing HTTP sites are not-secured and now it’s going to be outright marked as insecure.

Read the rest of Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 now! Only available at Darknet.

Source: Darknet

Uncategorized

WordPress Update Breaks Automatic Update Feature—Apply Manual Update

Source: The Hacking News
WordPress administrators are once again in trouble.

WordPress version 4.9.3 was released earlier this week with patches for a total 34 vulnerabilities, but unfortunately, the new version broke the automatic update mechanism for millions of WordPress websites.

WordPress team has now issued a new maintenance update, WordPress 4.9.4, to patch this severe bug, which WordPress admins have to


WordPress Update Breaks Automatic Update Feature—Apply Manual Update
WordPress Update Breaks Automatic Update Feature—Apply Manual Update
The Hacking News
{$excerpt:n}

Uncategorized

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

Source: The Hacking News
Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect.

A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems.

Since the new POS malware relies upon


New Point-of-Sale Malware Steals Credit Card Data via DNS Queries
New Point-of-Sale Malware Steals Credit Card Data via DNS Queries
The Hacking News
{$excerpt:n}

Uncategorized
%d bloggers like this: