Robert Abel SC Media | Page 2 of 184

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Massive SIM swap fraud leaves traditional 2FA users at risk

By

As two-factor authentication becomes more popular, threat actors have proven once again how this security feature can be exploited if not implemented properly. Kaspersky researchers uncovered large-scale SIM swap fraud operations targeting users in both the Portugese-speaking nations of Brazil and Mozambique were able to use social engineering, bribery,  and simple phishing attacks to ultimately…

VPN apps found insecurely storing session cookies

By

Researchers with National Defense ISAC Remote Access Working Group discovered multiple Virtual Private Networks (VPN) applications were insecurely storing authentication and/or session cookies in memory logs and files. The vulnerability would allow an attacker to replay the session and bypass other authentication methods and ultimately grant them access to the same applications as the user…

Grab-and-go Baldr stealer malware proves popular among thieves

By

A new stealer malware dubbed Baldr has been taking the cybercrime market by storm with its capabilities including user profiling, sensitive data exfiltration, shotgun file grabbing, screencapping, and  network exfiltration. Malwarebytes researchers have been monitoring the malware for the past few months and said it is the work of three threat actors: Agressor handled distribution,…

Nearly one billion Chrome users vulnerable to exploit patched in later versions

By

Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome. Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73 leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation…

April Microsoft Patch Tuesday addresses two actively exploited zero-days

By

Microsoft April 2019 Patch Tuesday’s release included fixes for 74 vulnerabilities, 15 of which were classified as critical and most of which affect the Windows operating system itself and two actively exploited vulnerabilities. The actively exploited vulnerabilities included two Win32K Elevation of Privilege vulnerabilities on of which was discovered by the Alibaba Cloud Intelligence Security…

Adobe Utah facility

April Adobe Patch Tuesday addresses several critical flaws in Flash, Acrobat and more

By

Adobe released security updates for 15 of its products including Adobe Acrobat and Reader for Windows and macOS to address critical and important vulnerabilities which could lead to arbitrary code execution or worse, in this month’s Patch Tuesday updates. The patches include critical updates for multiple versions of Adobe Acrobat, Flash Player, Shockwave and InDesign…

Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof

Researchers claim to trick Samsung Galaxy S10 fingerprint scanner using a 3D printed image

By

A Reddit user claims to have fooled the ultrasonic fingerprint scanner on the Samsung Galaxy S10 using a 3D printed image. Reddit user darkshark9 posted a video on imgur of what appears to be them pressing a small sheet of a 3D printed image against the phone’s fingerprint scanner and subsequently unlocking the device. The…

Critical vulnerability found in Duplicate-Page’s WordPress Plugin

By

A critical SQL injection/ PHP Object Injection  vulnerability in Duplicate-Page’s WordPress Plugin can allow attackers to steal sensitive user information. The vulnerability was given a DREAD score of 8.4 for being exploitable by any user with an account on the vulnerable site regardless of privileges and is easy to exploit, Sucuri researchers said in an…

Xiaomi devices came with vulnerability baked into its pre installed security app

By

A preinstalled mobile security app on Xiaomi left user devices more vulnerable than protected, researchers said. Check Point researchers discovered a vulnerability in Xiaomi phones’ “Guard Provider app” that could expose users to attacks caused by the unsecured nature of network traffic to and from the app and the use of multiple SDKs within the…

data center

Threat actors use US data center to spread malware

By

Bromium researchers spotted scammers used Nevada data centers to distributed Dridex, GandCrab and other malware in a campaign that lasted between May 2018 to March 2019. Typically, threat actors organize their operations outside of the reach of U.S. law enforcement but these made a bold statement using servers that could easily be seized and shut…

Next post in Cybercrime