💻 AMD processors manufactured between 2011 and 2019 have been found vulnerable to 2 new side-channel attacks that could let attackers exploit cache-related feature to steal sensitive data.
➡️ Collide+Probe
➡️ Load+Reload
Details here:
https://thehackernews.com/2020/03/amd-processors-vulnerability.html
➡️ Collide+Probe
➡️ Load+Reload
Details here:
https://thehackernews.com/2020/03/amd-processors-vulnerability.html
A judge on Monday declared a mistrial in the case against an ex-CIA employee (Joshua Schulte) who was charged for stealing classified hacking tools (‘Vault 7’) from the agency and leaking it to WikiLeaks.
Read: https://thehackernews.com/2020/03/cia-joshua-schulte-hacking.html
Read: https://thehackernews.com/2020/03/cia-joshua-schulte-hacking.html
LVI Attacks 🔥 CVE-2020-0551
A new hardware vulnerability affecting modern Intel CPUs puts virtual workloads and data centers at risk of hacking.
Read details: https://thehackernews.com/2020/03/intel-load-value-injection.html
It involves reversely exploiting Meltdown and MDS-type flaws to bypass existing defenses.
A new hardware vulnerability affecting modern Intel CPUs puts virtual workloads and data centers at risk of hacking.
Read details: https://thehackernews.com/2020/03/intel-load-value-injection.html
It involves reversely exploiting Meltdown and MDS-type flaws to bypass existing defenses.
In a large-scale coordinated operation, Microsoft successfully disrupted Necurs, one of the largest email-spam botnet malware networks that infected over 9 million computers worldwide.
https://thehackernews.com/2020/03/necurs-botnet-takedown.html
After cracking Necurs’s domain generation algorithm, researchers predicted over 6 million web domains that the malware was supposed to use in the next 25 months; but Microsoft and related authorities hijacked them in advance to seize the malware operation.
https://thehackernews.com/2020/03/necurs-botnet-takedown.html
After cracking Necurs’s domain generation algorithm, researchers predicted over 6 million web domains that the malware was supposed to use in the next 25 months; but Microsoft and related authorities hijacked them in advance to seize the malware operation.
Turns out mitigation against RowHammer attacks added to the latest DDR4 and LPDDR4 DRAM chips are still insufficient, allowing attackers to re-enable the critical bit-flipping vulnerability.
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html
Bonus: Researchers have also released 'TRRespass,' an open source RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html
Bonus: Researchers have also released 'TRRespass,' an open source RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.
Beware of 'Coronavirus Maps' !!!
Are you tracking the outbreak or leading hackers directly into your computers?
Cybercriminals exploiting users' increased interest in learning about coronavirus to spread password-stealing malware to millions.
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
Are you tracking the outbreak or leading hackers directly into your computers?
Cybercriminals exploiting users' increased interest in learning about coronavirus to spread password-stealing malware to millions.
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
CVE-2020-0796
Microsoft warning billions of users of a new UNPATCHED "wormable" RCE flaw in SMBv3 protocol—after its existence accidentally got leaked.
Read: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Disable SMB compression & block SMB (port 137, 139, 445) inbound/outbound to avoid attacks.
Microsoft warning billions of users of a new UNPATCHED "wormable" RCE flaw in SMBv3 protocol—after its existence accidentally got leaked.
Read: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Disable SMB compression & block SMB (port 137, 139, 445) inbound/outbound to avoid attacks.
⚡ March 2020 Patch Tuesday Edition:
Microsoft releases latest security updates for various versions of Windows OS & related software to patch a total of 115 new vulnerabilities.
—26 Critical
—88 Important
—1 Moderate
Read: https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
Microsoft releases latest security updates for various versions of Windows OS & related software to patch a total of 115 new vulnerabilities.
—26 Critical
—88 Important
—1 Moderate
Read: https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
⚡ URGENT
Just-In: Microsoft has finally released an update to fix a recently disclosed dangerous wormable RCE vulnerability in SMBv3 protocol — PATCH it ASAP!
https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
This flaw could let hackers launch self-propagating malware attacks.
Just-In: Microsoft has finally released an update to fix a recently disclosed dangerous wormable RCE vulnerability in SMBv3 protocol — PATCH it ASAP!
https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
This flaw could let hackers launch self-propagating malware attacks.
A new Android malware has been found in the wild, stealing authentication cookies 🍪 stored in the browser and other apps—including Chrome & Facebook—on targeted devices to hijack user accounts without requiring their actual login passwords.
https://thehackernews.com/2020/03/android-cookies-malware-hacking.html
https://thehackernews.com/2020/03/android-cookies-malware-hacking.html
26 Cybercriminals BUSTED!
Europol issues warning over the rise in "SIM Swapping" attacks after arresting suspected members of 2 related gangs of fraudsters who stole over $3.5 million in a series of attacks.
Read ➤ https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html
Europol issues warning over the rise in "SIM Swapping" attacks after arresting suspected members of 2 related gangs of fraudsters who stole over $3.5 million in a series of attacks.
Read ➤ https://thehackernews.com/2020/03/sim-swapping-fraud-hacking.html
Here's a very interesting tale...
Researchers uncover how a Nigerian cybercriminal is pursuing his million-dollar dream.
https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html
Oh, btw, when he gets angry with his allies from the dark world of hackers, he resolves disputes by reporting them to the Interpol.
Researchers uncover how a Nigerian cybercriminal is pursuing his million-dollar dream.
https://thehackernews.com/2020/03/nigerian-hacker-million-dollars.html
Oh, btw, when he gets angry with his allies from the dark world of hackers, he resolves disputes by reporting them to the Interpol.
Popular guitar tutoring site 'TrueFire' suffered a 'Magecart' style data breach that potentially exposed payment card details—name, address, card number, expiration date, CVV—of its customers to the hackers.
Read details ➤ https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html
Read details ➤ https://thehackernews.com/2020/03/truefire-guitar-tutoring-data-breach.html
TrickBot authors added a new RDP brute-force module to the banking Trojan that's now leveraging infected computers to target thousands of enterprise systems in telecom & financial sectors of the U.S. & Hong Kong.
Read details ➤ https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html
Read details ➤ https://thehackernews.com/2020/03/trickbot-malware-rdp-bruteforce.html
Adobe today released CRITICAL patches to fix a total of 41 new vulnerabilities affecting 6 of its software.
—Acrobat and Reader
—Photoshop
—ColdFusion
—Adobe Bridge
—Experience Manager
—Genuine Integrity Service
Read more: https://thehackernews.com/2020/03/adobe-software-update.html
—Acrobat and Reader
—Photoshop
—ColdFusion
—Adobe Bridge
—Experience Manager
—Genuine Integrity Service
Read more: https://thehackernews.com/2020/03/adobe-software-update.html
WATCH OUT — In the past 3 weeks alone, hackers have created thousands of new Coronavirus related sites as bait to spread dangerous malware (for desktop & mobile) and phishing threats.
Find details & learn how to protect yourself ➤ https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
Find details & learn how to protect yourself ➤ https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
👏1
Working remotely from home has significantly increased cybersecurity risks, making it easier for hackers to target organizations without being detected by their security teams.
Here's how CISOs should prepare for Coronavirus-related cyber threats ➤
https://thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html
Here's how CISOs should prepare for Coronavirus-related cyber threats ➤
https://thehackernews.com/2020/03/coronavirus-cybersecurity-ciso.html
Multiple DDoS botnets — Chalubo, FBot, and Moobot — exploited 0-day vulnerabilities in LILIN DVR #surveillance systems at least since August 2019.
Details: https://t.co/7NPEWAMMgG
Details: https://t.co/7NPEWAMMgG
Mukashi, a new variant of Mirai IoT botnet malware found targeting Zyxel NAS devices in the wild.
https://t.co/zO8gmrPCLm
It leverages a command injection #vulnerability (CVE-2020-9054) in NAS devices that also impacts Zyxel UTM, ATP & VPN firewall products.
https://t.co/zO8gmrPCLm
It leverages a command injection #vulnerability (CVE-2020-9054) in NAS devices that also impacts Zyxel UTM, ATP & VPN firewall products.
WARNING! All versions of #Microsoft Windows (7, 8.1, 10, Server 2008, 2012, 2016, 2019) operating systems contain 2 new font parsing library RCE vulnerabilities that are:
—CRITICAL
—UNPATCHED
—Under active ZERO-DAY attacks
No patch available, so all Windows users are highly recommended to immediately apply workarounds (mentioned in the article) to reduce the risk of getting hacked.
Details ➤ https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html
—CRITICAL
—UNPATCHED
—Under active ZERO-DAY attacks
No patch available, so all Windows users are highly recommended to immediately apply workarounds (mentioned in the article) to reduce the risk of getting hacked.
Details ➤ https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html
👍1