Google discloses Microsoft Edge security flaw before it could be fixed

Google seems to be gunning for Microsoft again by going public with a vulnerability in Microsoft Edge before Microsoft could develop a patch. The flaw affects Microsoft’s Arbitrary Code Guard (ACG), which Microsoft described a year ago in a post about major security improvements released in the Creators Update of Windows 10. To mitigate arbitrary native code […]

Meet Coldroot, a nasty Mac trojan that went undetected for years

A Mac malware that can silently, remotely control a vulnerable computer and steal passwords from a user’s keychain has gone largely unnoticed by antivirus makers for two years — even though the code is readily available to download. Patrick Wardle, chief research officer at Digita Security, revealed in a blog post Tuesday details of Coldroot, a remote […]

North Korea hacking group is expanding operations, researchers say

A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says. With a tool-set that includes zero-day vulnerabilities, destructive malware, and lack of concern when it comes to breaking norms and exasperating heightened tensions in […]

Bogus Linux vulnerability gets publicity

In the latest example of highly flawed security news about Android and Linux, GoSecure claims it’s discovered Chaos: a Stolen Backdoor Rising Again. Yeah. Right. Let’s look closer. First, we have a neat name. Can’t have a security bug these days without giving it a sexy name. But, what is it really? Well, it requires the attacker to […]

Rise of the ‘Hivenet’: Botnets That Think for Themselves

Over the past few years, a new development has occurred: predictive software systems are being programmed using artificial intelligence techniques. The latest advances in these kinds of tools use swarm technology to leverage massive databases of expert knowledge comprised of billions of constantly updated bits of data in order to make accurate predictions. But his […]

Meltdown-Spectre flaws: We’ve found new attack variants, say researchers

Researchers have developed a tool to uncover new ways of attacking the Meltdown and Spectre CPU side-channel flaws, which may force chipmakers like Intel to re-examine already difficult hardware mitigations. The tool allowed the researchers to synthesize a software-attack based on a description of a CPU’s microarchitecture and an execution pattern that could be attacked. […]

Bitcoin thieves use Google AdWords to target victims

Researchers have uncovered a Bitcoin-stealing cybercriminal gang that has stolen millions of dollars by exploiting Google AdWords. On Wednesday, cybersecurity experts from Cisco Talos revealed that with the help of the Ukraine Cyberpolice, the team has been able to track and monitor the group over the past six months. In a blog post, researchers Jeremiah […]

White House: Russian Military Behind NotPetya Attacks

The Trump administration on Thursday confirmed what UK officials had already said: that Russia’s military was behind the crippling NotPetya ransomware campaign aimed at destabilizing Ukraine, which spread to other nations. In a statement from the White House Press Secretary’s office, the administration said: “In June 2017, the Russian military launched the most destructive and costly cyber-attack in […]

North Korea-Linked Cyberattacks Spread Out of Control: Report

New research points to the broader range and related collateral damage caused by North Korea-linked cyberattacks that spread out of control. Researchers believe two of these threats likely originated from North Korea; one of them was likely an external group attacking North Korea. Analysts at AlienVault published details on multiple attacks after collecting evidence from […]

This lucrative ransomware campaign secretly surveys vulnerable networks to maximise infections

An opportunistic ransomware campaign is infecting transport networks, hospitals, education facilities and more by actively seeking out vulnerable systems, and then using them as a gateway to spread laterally across the networks. Rather than propagating via phishing emails, this campaign looks for unsecured internet-facing systems and uses them as a foothold in the network to spread SamSam ransomware, […]