A TEAMVIEWER VULNERABILITY LETS THE VIEWER BE VIEWED HIMSELF, OR VICE VERSA

A vulnerability discovered in TeamViewer could allow the server (viewer) to be viewed by the client, or initiate a change of control if exploited by the viewer. TeamViewer is a registered computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers. TeamViewer is used to let…

 

UBER CONCEALED A MAJOR DATA BREACH

In October 2016, Uber Technologies Inc. concealed a major data breach by paying hackers one hundred thousand USD ($100,000). Uber Technologies Inc. is a global transportation technology company headquartered in San Francisco, California, United States, operating in 633 cities worldwide. It develops, markets and operates the Uber car transportation and food delivery mobile apps.

 

MAILSPLOIT, AN UNDETECTABLE EMAIL SPOOFING IN MAJOR EMAIL CLIENTS

Mailsploit is an email exploit in which attackers employ email spoofing in major email clients without being detected. Email spoofing is the forgery or imitation of an email header so that the email appears to have originated from someone or somewhere other than the actual source. Email spoofing is a method used in phishing and spam…

 

ANDROMEDA BOTNET IS FINALLY TAKEN DOWN BY INTERNATIONAL AGENCIES

After extensive and coordinated cyber operations, multiple international organizations from both the government and private sectors have successfully taken down one of the most formidable cyber entities to date, the Andromeda botnet. Andromeda (Gamarue, Wauchos) is a name used to describe a botnet of computers infected with malware. The botnet emerged in 2011 and continued to…

 

NSA EMPLOYEE PLEADS GUILTY TO ILLEGALLY TAKING CLASSIFIED FILES

Nghia Hoang Pho, an NSA employee from the Tailored Access Division, pleaded guilty to illegally taking home classified information, which was allegedly leaked due to Kaspersky anti-virus software. In October 2017, Kaspersky was blamed by several security companies worldwide, especially US-based security agencies, for providing access to its anti-virus software to Russian intelligence. It was reported…

 

YAHOO 2014 EMAILS HACKER ARRESTED

The hacker behind the 2014 Yahoo email attack, Karim Baratov, a Canadian citizen, was finally apprehended and pleaded guilty to participating directly in that massive email breach. In October 2017, Yahoo admitted that three billion user accounts were compromised – the equivalent of half the people on Earth – in a 2014 hack. That…

 

17-YEAR-OLD MS OFFICE VULNERABILITY AIDS COBALT MALWARE

A Microsoft Office vulnerability that dates back to Windows 2000 was used by hackers to spread Cobalt malware on targeted computers. The name Cobalt was used because the malware was designed using a component from a legitimate penetration-testing tool called Cobalt Strike. Cobalt Strike is threat emulation software. It can execute targeted attacks against modern…

 

FACEBOOK POLL FEATURE CAN ALLOW ANYONE TO DELETE PHOTOS

Using the new Facebook Poll feature, anyone can integrate another user’s photos into a poll post and then delete the poll along with the integrated URL of the photos. Recently, Facebook added a new feature called Polls which, instead of plain content, enables users to post votable inquiries. Users likewise have the capacity to…

 

SCARAB RANSOMWARE WAS DISTRIBUTED USING NECURS BOTNET

The Scarab ransomware, which was first discovered in June 2017, was recently distributed to around 12.5 million emails using a botnet called Necurs. The Necurs botnet is a prevalent malware distributor. It militarizes up to 6 million zombie endpoints and delivers some of the worst banking Trojans and ransomware threats in batches of millions of emails at…

 

OWASP TOP TEN VULNERABILITIES AS OF 2017

The Open Web Application Security Project (OWASP) has released a new revision of its Top 10 vulnerabilities for 2017, as an update to its 2013 ranking. The OWASP Top 10 is a public security-awareness document that has been widely adopted as a guideline for classifying the severity of web-based security bugs, and is currently used…