News, Tips, Security Lab

RCE vulnerability in GTA Online

Dangerous RCE Vulnerability in GTA Online Fixed

Rockstar Games has finally released a patch for a dangerous RCE vulnerability in GTA Online that allowed loss of game…

Cryptocurrency Scam “Pig Butchering” Penetrated the Apple App Store and Google Play Store

The Pig Butchering scam, a scam operation that specializes in fake investments in allegedly promising cryptocurrency projects, stocks, bonds, futures…

Vulnerability in KeePass Allows Stealing All User Passwords in Plain Text

The developers of the open-source password manager KeePass explain that a vulnerability that allows an attacker to steal all user…

Change in the IP Address of the Router Caused a Massive Outage of Microsoft Services

Last week, Microsoft 365 services around the world suffered a major outage that lasted about five hours. As the company…

Microsoft Will Block Excel XLL Files Downloaded from the Internet

Microsoft developers are going to block some Excel add-in (.XLL) files for Microsoft 365. The new measures will include automatic…

IPStorm now attacks Android

IPStorm botnet now attacks Android, macOS and Linux devices

For the first time, Anomali specialists noticed the IPStorm in June 2019, and then it attacked only Windows machines. Now it began to attack devices on Android, macOS and Linux.…

ransomware attacks take 45 minutes

Microsoft estimated that ransomware attacks take less than 45 minutes

Microsoft analysts have prepared a traditional Digital Defense report, in which they talked about the main events and trends in the field of cybersecurity and threat analysis over the past…

Coffee machine ransom money

Avast expert taught Smarter Coffee machine to ransom money

Back in 2015, experts from Pen Test Partners talked about a way to hack Wi-Fi networks through the iKettle, created by Smarter, and then discovered that Smarter Coffee maker machine,…

TikTok multi-factor authentication

Attackers can bypass TikTok multi-factor authentication through the site

Journalists of the ZDNet publication, citing one of their readers, report that the web version of TikTok did not receive multi-factor authentication (via mail and SMS), which developers established for…

Windows XP source codes

Windows XP source codes leaked

4chan has published a 42.9 GB torrent file, which contains the source codes for several operating systems, including Windows XP and Windows Server 2003. The person who published the file…

Alien malware steals passwords

Alien malware steals passwords from 226 Android apps

ThreatFabric analysts have discovered a new Android malware Alien. The malware primarily targets banking applications. Overall, Alien steals passwords and other credentials from 226 apps. Alien is sold on hacker…

LokiBot infostealer activity growth

CISA experts warned about the growth of LokiBot infostealer activity

Specialists from the Agency for Cybersecurity and Infrastructure Protection, organized by the US Department of Homeland Security (DHS CISA), warned about growth of activity of LokiBot infostealer aka Loki and…

Microsoft left Bing open

Microsoft left open one of the internal servers of the search engine Bing

Ata Hakcil, cyber security specialist at WizCase, discovered that Microsoft employees mistakenly left one of the Bing backend servers open – it was available to anyone. The researcher writes that…

Spammers hide behind IP addresses

Spammers hide behind hexadecimal IP addresses

Trustwave experts have discovered that pharmaceutical spam attackers have started to insert unusual URLs into their messages. Spammers hide behind hexadecimal IP addresses. They use hexadecimal IPs to bypass email…

Mozilla stops Firefox Send

Mozilla completely stops development of Firefox Send and Firefox Notes

This summer, I talked about how ZDNet journalists drew attention of Mozilla engineers to numerous abuses of the Firefox Send service, which was actively used to spread malware. As a…

US Department of Justice accused Russians

US Department of Justice accused two Russians of stealing $17,000,000 worth of cryptocurrency

The US Department of Justice brought charges in absentia against two Russian citizens: Daniil Potekhin (aka cronuswar) and Dmitry Karasavidi. The US Department of Justice accused the Russians in organizing…

Chinese hackers attack the US

Chinese hackers attack US organizations and exploit bugs in F5, Citrix and Microsoft Exchange

The Department of Homeland Security (DHS CISA) Cybersecurity and Infrastructure Protection Agency (DHS CISA) has published security guidelines for the private sector and government agencies. CISA said that Chinese hackers…