Technology Solutions

 

IT Security Alert

The Hacker News Mon, 17 Jun 2019 02:17:57 PDT
  • Critical Flaw Reported in Popular Evernote Extension for Chrome Users 

    Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome

  • Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests 

    Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage

  • Cynet Free Visibility Experience – Unmatched Insight into IT Assets and Activities 

    Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with—from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now

  • Android's Built-in Security Key Now Works With iOS Devices For Secure Login 

    In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a

  • When Time is of the Essence – Testing Controls Against the Latest Threats Faster 

    A new threat has hit head the headlines (Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint

  • RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory 

    A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side channel

  • Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities 

    After Adobe, the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products. This month's security updates include patches for a total of 88 vulnerabilities, 21 are rated Critical, 66 are Important, and one is rated Moderate in severity. The

  • Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign 

    It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary

  • New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions 

    Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to

  • Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor 

    Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line

  • Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw 

    An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half

  • New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide 

    Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed in a way to escalate gradually by adding every new cracked system to its network, forcing them to further find new available RDP servers and then brute

  • CompTIA Certification Training — Get Online Courses @ 95% OFF 

    The Information Technology industry has seen exponential growth over the years. It is essential for everyone to earn cybersecurity certification if you want to be a part of this growing industry. Organizations always prefer employees with strong internationally-recognized professional certifications. It proofs your skills, knowledge, and gives more credibility to advance your career. IT

  • Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers 

    Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its

  • Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services 

    Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of Ministra TV platform,

  • Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions 

    A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists

  • Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default 

    As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which

  • Apple Launches Privacy-Focused 'Sign in with Apple ID' Feature at WWDC 2019 

    Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect users' privacy by not disclosing their actual email addresses to the 3rd-party services and also

  • macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks 

    A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission ("allow" or "deny") from

  • SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video 

    I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the so-called intelligent devices. When it comes to internet-connected devices, smart TVs are the

  • Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants 

    If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an

  • Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware 

    Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on

  • Top 5 Last-Minute Memorial Day Deals at THN Store → Get 60% Extra OFF 

    Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and course bundles has you covered. Ethical Hacking A to Z Training Bundle MSRP: $1273 - Sale Price

  • Flipboard Database Hacked — Users' Account Information Exposed 

    Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and

  • Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw 

    Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what

Quick Heal Blog | Latest computer security news, tips, and advice Fri, 14 Jun 2019 14:12:07 +0000
  • Beware! The padlock icon and HTTPS are no more indicators of safe website 

    The evolving cyber threat landscape has taken a new leap. The recent past shows a startling rise in the number of incidences of phishing attacks, where visitors have been lured into clicking fraudulent links, under the cover of security marks like padlock icon and ‘HTTPS’. Considering the rising number of…

  • What makes Quick Heal’s Next Generation Suite of Features a SMART choice to protect your privacy? 

    The cyber threat landscape is evolving every second, with thousands of new potential threats being detected every single day. With people becoming more and more conscious about their privacy and private data, such evolving threats can have a significant impact on the personal and financial life of people. In order…

  • APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise 

    In today’s world data is everything, and to store and process this large amount of data, everyone started using computing devices. Database servers which are used for storing this precious data on computing devices include MySQL, MongoDB, MSSQL, etc. But unfortunately, not everyone is conscious about its security. In fact, approximately…

  • CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel 

    Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an…

  • Quick Heal supports the Windows 10 May 2019 Update 

    As part of the Windows 10 Updates, Microsoft has now come up with a new update for Windows 10 PCs. It’s called Windows 10 19H1 (Windows 10 May 2019 Update). This post lists down some of the highlights of this particular update and Quick Heal’s compatibility with the OS. Highlights…

  • What is Emotet? 

    Emotet malware was first identified in 2014 as Banking trojan. Emotet has evolved from banking trojan to threat distributor till now. It has hit many organizations very badly in 2018 with its functionalities like spamming and spreading. Further with its widespread rich/existence at many organizations, it became threat distributor. Since…

  • CVE-2019-0708 – A Critical “Wormable” Remote Code Execution Vulnerability in Windows RDP 

    This is an important security advisory related to a recently patched Critical remote code execution vulnerability in Microsoft Windows Remote Desktop Service (RDP). The vulnerability is identified as “CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability”. MSRC blog mentions This vulnerability is pre-authentication and requires no user interaction. In other…

  • Miners snatching open source tools to strengthen their malevolent power! 

    From the last one year, Quick Heal Security Labs has been observing a boost in the number of mining malware. One of the ways to earn cryptocurrencies is to mine them. Nowadays cryptocurrency miner malware have become hot attack vectors for cybercriminals due to its ease of deployment and instant…

  • 5 ways to instantly detect a phishing email and save yourself from phishing attack 

    Phishing is a fraudulent activity to trick you into revealing your personal and confidential information. This information usually includes bank account details, net banking details, credit/debit card numbers, login ID and passwords. Every day, countless people become unsuspecting victims of phishing attacks. With cyber criminals adopting sophisticated modes of phishing…

  • PCs fail to boot up / Freeze after receiving Microsoft Windows 9-April-2019 updates and rebooting the PC 

    Quick Heal and Seqrite users are reporting that PCs fails to boot up / Freeze after installing 9th April Windows Updates and Rebooting the system. Symptoms:  Users have Quick Heal or Seqrite product installed and running on their systems. The PCs fail to boot up / Freeze after installing Windows Updates of 9-April-2019 and Rebootingthe system. There are…

Troy Hunt's Blog Mon, 17 Jun 2019 08:07:31 GMT
WeLiveSecurity Mon, 17 Jun 2019 09:30:49 +0000
How can we help
  • Virus Removal Experts
  • All Desktop & Notebook Repairs
  • Screens, Motherboards, Hard drives
  • Soldering Jobs
  • Networking
  • Custom Builds
  • Website Design
What We Do