The next step after hackers discover a vulnerability is to exploit it, meaning that they would use pieces of software, chunks of data, sequences of commands, or open-source exploit kits to take advantage of the vulnerability for malicious purposes. By exploiting vulnerabilities, hackers intend to gain control over a system, escalate privileges, launch Denial-of-Service (DoS) attacks, etc.
While too many people still don’t know anything about Hardware security keys, such as those from Google and Yubico, Companies are trying to introduce them as the most secure hardware ever. Although these tools are highly resistant to phishing and takeover attacks, the new attacks could let hackers Clone Hardware security keys. An electromagnetic side-channel…
Any business launched online in the cyber network is inevitably at risk of vulnerabilities — bugs and issues that can endanger the business infrastructure as well as public information and create irreparable damage. Consequently, many organizations are now using vulnerability rewards programs (VRP) such as Bug Bounties in order to have a safer business online…
To understand and repel cyber-attacks, security breaches, and advanced persistent attacks (APTs), Lockheed Martin introduced a new “Cyber Kill Chain” framework or model in 2011. Derived from a military model, the cyber kill chain is a 7-step model that exhibits the stages of a cyber-attack from early reconnaissance to the final data exfiltration. Used for…
A cybersecurity researcher disclosed four zero-day vulnerabilities in IBM’s enterprise security software after the company refused to fix the issues and acknowledge the private disclosure report. The vulnerabilities affect the IBM Data Risk Manager software ― a tool that provides companies with “a business-consumable data risk control center that helps to uncover, analyze, and visualize data-related business…
Cybercriminals have stolen more than $25 million worth of cryptocurrency from the Uniswap exchange and the Lendf.me lending platform. Experts are currently investigating the attack; they suspect that the same hacker(s) could have used the exploit posted on GitHub to hack the two platforms; thus, the two attacks could be linked. The two attacks are…
Cybersecurity researchers have discovered a new IoT botnet, tracked as Dark Nexus. The new botnet can be used to launch distributed denial-of-service (DDoS) attacks. Dark nexus has compromised hundreds of IoT devices, including routers from Dasan Zhone, Dlink, and ASUS, video recorders, and thermal cameras. Researchers from cybersecurity firm Bitdefender said in a post that the new…
A new Windows malware dubbed “Coronavirus” is exploiting the Covid-19 pandemic to make disks unusable by overwriting the master boot record (MBR). The MBR is a boot sector that holds information on how the hard drive is partitioned and how to load the operating system. According to the malware analysis the SonicWall Capture Labs Threat…
The Chinese state-sponsored group APT41 has targeted more than 75 organizations worldwide targeting security flaws in Citrix, Cisco, and Zoho appliances and devices. The APT41 group has been active since at least 2012 and is known for espionage, cybercrime, and surveillance operations against a large array of industries, as well as individuals. According to FireEye,…
Multiple Zero-day vulnerabilities in the DVRs of IP video manufacturer, LILIN, have been exploited by DDoS botnets to infect vulnerable devices. The LILIN DVR vulnerability was first reported in May 2019 and it has been exploited for more than six months before LILIN patched the flaw and released a firmware. Attackers used DDoS botnets to…
Shortly after releasing its monthly security update, Microsoft separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol. Microsoft did…