New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple. Variant 4 comes weeks after German computer magazine Heise reported about a set of eight Spectre-class vulnerabilities in Intel CPUs and a small number of ARM…
DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users' login credentials and the secret code for…
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

Note—the technical details of the vulnerabilities introduced in this article has now been released, so you should also read our latest article to learn how the eFail attack works and what users can do to prevent themselves. An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of…
Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software. A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC. Out of 47, Adobe…
Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails

Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails

With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was actually scheduled for tomorrow. PGP and S/MIME are popular end-to-end encryption standards used to encrypt emails in…
Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems…
Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered Monday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing…
Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks

Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks

A Google security researcher has discovered a critical remote command injection vulnerability in the DHCP client implementation of Red Hat Linux and its derivatives like Fedora operating system. The vulnerability, tracked as CVE-2018-1111, could allow attackers to execute arbitrary commands with root privileges on targeted systems. Whenever your system joins a network, it’s the DHCP…
Hackers Reveal How Code Injection Attack Works in Signal Messaging App

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code injection vulnerability discovered and reported by a team…
7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year and…

Latest article

FBI seizes VPNFilter botnet domain that infected 500,000 routers

FBI seizes VPNFilter botnet domain that infected 500,000 routers

By Waqas It is believed that the botnet was run by infamous This is a post from HackRead.com Read the original post: FBI seizes VPNFilter botnet domain that infected 500,000 routers
Malicious Edge and Chrome Extension Used to Deliver Backdoor

Malicious Edge and Chrome Extension Used to Deliver Backdoor

by Jaromir Horejsi, Joseph C. Chen, and Loseway Lu We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source. It appears they are working on a new malware that — based on how they…
BrandPost: SharePoint: Key Benefits and Migration Tips

BrandPost: SharePoint: Key Benefits and Migration Tips

Your staff works remotely, moves from one client location to another, and uses various devices to get work done. To ensure that your staff can access the necessary content when and where they need it the most, many organizations adopt a Cloud-based content management solution, like SharePoint. When using SharePoint, the content your staff needs…
Pornhub launches VPNhub – a free and unlimited VPN service

Pornhub launches VPNhub – a free and unlimited VPN service

PornHub wants you to keep your porn viewing activities private, and it is ready to help you out with its all-new VPN service. Yes, you heard that right. Adult entertainment giant PornHub has launched its very own VPN service today with "free and unlimited bandwidth" to help you keep prying eyes away from your browsing…
Someone hacked California’s live congressional debate to run gay porn

Someone hacked California’s live congressional debate to run gay porn

By Carolina “Looks like we got hacked again, we’ll try to fix This is a post from HackRead.com Read the original post: Someone hacked California’s live congressional debate to run gay porn
Confucius Update: New Tools and Techniques, Further Connections with Patchwork

Confucius Update: New Tools and Techniques, Further Connections with Patchwork

by Daniel Lunghi and Jaromir Horejsi Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia. During the months that followed in which we tracked Confucius’ activities, we found that they…
New VPNFilter malware targets at least 500K networking devices worldwide

New VPNFilter malware targets at least 500K networking devices worldwide

For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use.
BrandPost: CIO Interview with Amy Tong, Director and CIO of the California Department of Technology

BrandPost: CIO Interview with Amy Tong, Director and CIO of the California Department of...

California recently surpassed the U.K. and now ranks as the fifth largest economy in the world. Managing the people and technology driving that growth is an equally massive challenge. CIO Amy Tong has been leading the charge since June of 2016, and she shared her thoughts on what’s working and where the state is heading.What…
Researchers unearth a huge botnet army of 500,000 hacked routers

Researchers unearth a huge botnet army of 500,000 hacked routers

More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter, that has been designed with versatile capabilities to…
You are not alone; The Pirate Bay is down around the world

You are not alone; The Pirate Bay is down around the world

By Waqas Another day, another irritating situation for The Pirate Bay fans. This is a post from HackRead.com Read the original post: You are not alone; The Pirate Bay is down around the world
BrandPost: Cybersecurity 101: Your End-Users are the First Line of Defense

BrandPost: Cybersecurity 101: Your End-Users are the First Line of Defense

Phishing is one of the main cybersecurity risks that organizations of any size face, and it’s a major way in which an organization can become compromised. However, many organizations still don’t have a cybersecurity plan despite the growing threats that they are facing every day.Many organizations’ corporate cultures truly lack the security basics of working…
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected

Security researchers from Microsoft and Google have discovered a fourth variant of the data-leaking Meltdown-Spectre security flaws impacting modern CPUs in millions of computers, including those marketed by Apple. Variant 4 comes weeks after German computer magazine Heise reported about a set of eight Spectre-class vulnerabilities in Intel CPUs and a small number of ARM…