Vulnerabilities & Exploits

Security researchers uncovered a new exploit kit, which they’ve named Fallout, delivering downloader trojans, potentially unwanted applications (PUAs), and notably the GandCrab ransomware.

New variants of Mirai and Gafgyt botnets were found targeting well-known vulnerabilities using multiple exploits directed at enterprises for possible DDoS attacks, including the flaw used in the 2017 Equifax data breach.

Enterprises are increasingly using hybrid environments, but this move can come with risks and challenges especially for organizations adopting DevOps. How can hybrid cloud security fit naturally into development processes?

Furtives et insidieuses : c'est ainsi que l'on peut qualifier les principales cybermenaces que nous avons observées au cours du premier semestre 2018.

PyRoMineIoT malware infects systems with a Monero miner, spreads using RCE EternalRomance by removing or modifying accounts and passwords with privileged access, and scans for vulnerable Internet of Things devices for possible future attacks.

Attackers can extract messages from encrypted emails using the eFail attack, which exploits known vulnerabilities. Several of the most widely used email clients are affected.

Equifax submitted a report outlining the extent of the 2017 data breach of their systems, stating that hackers stole approximately 2.4 million PII and document scans.

Twitter announced that a bug in their system may have exposed user passwords internally and urged all subscribers to change their account passwords.

Android mobile apps reusing advertising SDKs still using HTTP protocol risk exposing unencrypted user personal information, security researchers warned at the RSA Conference.