Google Redesigns Gmail – Here’s a List of Amazing New Features

Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion users worldwide, which might be the most significant single upgrade in Gmail’s history. This hugely revamped version of the email service now offers plenty of new features such as confidential mode, offline support, email snoozing and more, to make Gmail smarter, …

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers. DNS hijacking attack …

Boffins pull off quantum leap in true random number generation

Well, we been having some difficulty. Ziggy, he’s, uh, spitting out some wild values.

A team of physicists claim to have developed a guaranteed random number generator using photons and the laws of quantum mechanics. Random numbers are used to secure communications, and a good random number generator is essential for strong encryption. But ensuring that the numbers are truly …

Flaw in Emergency Alert Systems Could Allow Hackers to Trigger False Alarms

A serious vulnerability has been exposed in “emergency alert systems” that could be exploited remotely via radio frequencies to activate all the sirens, allowing hackers to trigger false alarms. The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes and terrorist attacks. False alarms …

Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

A critical remote code execution vulnerability has been discovered in the CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged account passwords across a wide range of client/server and mainframe operating systems, …

Critical remote code execution vulnerabilities impact Natus medical devices | ZDNet

A set of critical vulnerabilities has been uncovered in Natus NeuroWorks software which may place medical devices connecting to the software at risk. On Wednesday, researchers from Cisco Talos said in a blog post that the vulnerabilities could not only cause services to crash but may also allow attackers to remotely execute code on medical devices. Natus …

HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a …

Cross Site-Scripting in extension “Caretaker” (caretaker)

It has been discovered that the extension “Caretaker” (caretaker) is susceptible to Cross-Site Scripting.

Release Date: December 18, 2017
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 0.8.0 and below
Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v3.0: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C
CVE: not assigned yet
Problem Description: The extension …

Multiple vulnerabilities in extension “JobControl” (dmmjobcontrol)

It has been discovered that the extension “JobControl” (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting.

Release Date: December 18, 2017
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 2.16.0 and below
Vulnerability Type: SQL Injection, Cross Site-Scripting
Severity: Critical
Suggested CVSS v3.0: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C
CVE: not …

Multiple vulnerabilities in extension “DRC News Comment” (news_comment)

It has been discovered that the extension “DRC News Comment” (news_comment) is susceptible to Arbitrary Code Execution and Cross Site-Scripting.

Release Date: December 18, 2017
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 1.0.7 and below
Vulnerability Type: Arbitrary Code Execution, Cross Site-Scripting
Severity: Critical
Suggested CVSS v3.0: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C …