Experts found Symlink race issues in 28 antivirus products

Security Affairs

Security experts from RACK911 Labs discovered “symlink race” vulnerabilities in 28 of the most popular antivirus products. Security researchers from RACK911 Labs disclose the discovery of “symlink race” issues in 28 of the most popular antivirus products. AVG, F-Secure, McAfee). Pierluigi Paganini.

Hackers abused swap files in e-skimming attacks on Magento sites

Security Affairs

Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence, allowing the malware to survive multiple cleanup attempts.

Zero-Day flaw in FatPipe products actively exploited, FBI warns

Security Affairs

To mitigate the issue, the company recommends disabling UI access on all the WAN interfaces or configuring Access Lists on the interface page to allow access only from trusted sources. Upon exploiting the flaw, the attackers used cleanup scripts to remove traces of their activity. ” reads the FBI’s alert.

CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8

Security Affairs

Security experts have found a race condition vulnerability (CVE-2019-11815) in the Linux kernel prior to 5.0.8. “There is a race condition leading to a use-after-free, related to net namespace cleanup.” The exploitation of the flaw could allow attackers to access resources, modify any files, and deny access to resources.

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. In at least one attack, the threat actors used a Delphi Crypter along with a second-stage malware, a remote access Trojan dubbed BitRAT.

Project Zero researcher found unpatched Android zero-day likely exploited by NSO group

Security Affairs

Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability, seven days after she reported it to the colleagues of the Android security team. ” reads the security advisory. I found & reported my first Project Zero bug! LTS kernel [1], AOSP android 3.18

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S.