MICROSOFT LAUNCHES CLOUD-BASED DEVELOPMENT KIT FOR BLOCKCHAIN

Big tech is getting in on blockchain in a big way. Microsoft has launched a cloud-based blockchain development kit powered by Azure. “This kit extends the capabilities of our blockchain developer templates and Azure Blockchain Workbench, which incorporates Azure services for key management, off-chain identity and data, monitoring, and messaging APIs into a reference architecture that can
Read More »

WOOCOMMERCE POPULAR WORDPRESS PLUGIN PATCHES CRITICAL VULNERABILITY

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the unpatched
Read More »

E-MAIL AS TOP ATTACK CHOICE

E-mail continues to be cyber-criminals’ vector of choice for distributing malware and phishing, according to a report released today by Proofpoint. The Quarterly Threat Report Q3 2018 found that the frequency of email fraud attacks and the number of individuals targeted per organization are continuing to rise. Credential-stealing banking Trojans comprised 94% of malicious payloads, and the number
Read More »

VESTACP COMPROMISED WITH DDOS MALWARE

The provider of an open-source hosting panel software admitted a security breach during which an unknown hacker contaminated the project’s source code with malware that logs passwords, open shells, and can launch DDoS attacks. “Our infrastructure server was hacked,” said a member of the Vesta Control Panel (VestaCP) team in a forum post. “The hackers then changed
Read More »

NEW DRUPALGEDDON ATTACKS ENLIST SHELLBOT TO OPEN BACKDOORS

Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Researchers are warning of a new wave of cyber attacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot
Read More »

NEW EXPLOIT FOR MIKROTIK ROUTER

A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was
Read More »

MINING BOT THROUGH FACEBOOK MESSENGER

Cybercriminals are using Facebook Messenger to infect computers with malware that mines cryptocurrency. Security researchers the Trend Micro cybersecurity firm said “Digmine” is targeting as many machines as possible, in order to earn monero – an alternative to bitcoin – for its creators It could also help cyber criminals completely take over a Facebook account, the researchers added. The bot
Read More »

GOOGLE HACKER DISCLOSES NEW LINUX KERNEL VULNERABILITY

A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that
Read More »