Tech News

Check Point experts estimated that the number of “coronavirus” cyberattacks increased to 5,000 per day, and number of attacks on sites posing as Netflix services doubled. Researchers say the total number of cyberattacks has declined since the onset of the coronavirus pandemic and subsequent economic downturn. However, the number of …

The March “Tuesday of updates” did not include a patch for the vulnerability CVE-2020-0796, information about which was mistakenly published by experts from Cisco Talos and Fortinet in the public domain. Recently, security professionals published PoC exploits for this vulnerability called SMBGhost. Problem CVE-2020-0796, also called SMBGhost, affects SMBv3, though …

Researcher Jacob Archuleta, known on the network under the pseudonym Nullze, found that the Tesla Model 3 interface is vulnerable to DoS attacks (Denial of Service). The bug received the identifier CVE-2020-10558, and with its help, an attacker could cause the car’s main touchscreen to stop responding to user requests. …

Amid of the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks. According to statistics from the Shodan search engine, by last Sunday, …

ZDNet reports that the source code for one of the most profitable ransomware of our time, the Dharma ransomware, was put for sale on two hacker forums last weekend. Sources are sold for $2,000. Let me remind you that this year the FBI called Dharma the second most profitable ransomware …

Trustwave experts published a report, in which they said that the American company was exposed to a rare attack through BadUSB. An unnamed American hotel company was mailed a fake BestBuy gift card along with a malicious USB stick. The accompanying letter said that the drive must be connected to …

Experts from York University explained how they managed to detect vulnerabilities in popular password managers. Bugs allowed malware stealing user credentials. It turned out that back in 2017, researchers analyzed five popular password managers: LastPass, Dashlane, Keeper, 1Password and RoboForm. The analysis helped identify four previously unknown vulnerabilities, including one …

Journalists from Bleeping Computer investigated that hackers are replacing DNS settings for distributing fake applications. The reason for the investigation were complaints of users, which reported on the forums that they were obsessively offered to download a strange application, allegedly informing about COVID-19 and created by WHO. As it turned …

In February 2020, information security specialists spoke at the RSA 2020 conference about the new Kr00k vulnerability (CVE-2019-15126), which can be used to intercept and decrypt Wi-Fi traffic (WPA2). Now it became known that has been published an exploit for Kr00k Wi-Fi vulnerability. According to analysts, any device that uses …

Specialists from IBM X-Force discovered a new malicious campaign, in which cybercriminals fake letters from WHO, impersonate its CEOs Tedros Adan Gebreisus, and send users emails containing a HawkEye keylogger. HawkEye is a credential theft program that is usually distributed through fraudulent emails and malicious Microsoft Word, Excel, PowerPoint, and …

ZDNet reports that Mozilla developers consider FTP to be an insecure protocol and will soon refuse to support it in Firefox. Therefore, users will no longer be able to upload files via FTP, and may not be able to view the contents of FTP links and folders in a browser. …

According to a report published by the American company FireEye, 76% of all ransomware attacks in the corporate sector occur in the off-hours: 49% of them are recorded at night on weekdays, and another 27% at weekends. This data is based on dozens of ransomware incident investigations from 2017 to …

Amazon Web Services (AWS) software engineer Pawel Wieczorkiewicz discovered another vulnerability in Intel processors that allows stealing data from the internal memory of the CPU. Discovered by Wieczorkiewicz attack was called Snoop-assisted L1 Data Sampling or simply Snoop. Last week, Intel and AMD equalized number of discovered vulnerabilities, but as …

Microsoft has stopped development of the Remote Desktop Connection Manager (RDCMan) application after it has been identified as vulnerability. As the name suggests, this application allows remotely connecting to other Windows computers through RDP. Windows Live Experience team developed it for the internal use, but since the late 2000s it …

IS experts discovered two new malware for Android (recognized as the most vulnerable OS over the past year), called Cookiethief and Youzicheng. They are can steal cookies stored in browsers on smartphones and in applications of popular social networks, in particular Facebook. How can cookie theft be dangerous? Web services …