MacOS Zero-Day Vulnerability Allows Synthetic Mouse Clicks to Run Malicious Code
A zero-day vulnerability has been discovered in Apple’s Mojave operating system which could be exploited to run malicious code on vulnerable devices without being detected. The zero-day flaw was discovered by Digita Security’s chief research officer Patrick Wardle. The flaw is in Mojave’s application verification system and could be exploited to run whitelisted applications that have been doctored to run malicious code by mimicking...
Sensitive Information of 11.9 Million Quest Diagnostics Patients Compromised
Quest Diagnostics, one of the leading medical laboratories and blood testing companies in the United States, has been affected by a data breach at one of its vendors. That breach has resulted in the exposure and potential theft of almost 12 million individuals’ personal, medical, and financial information. According to a recent U.S. Securities and Exchange Commission (SEC) filing, Quest Diagnostics was notified of a data breach at the...
GandCrab Ransomware Gang to Retire Within a Month
The cybercriminal gang behind GandCrab ransomware will be retiring in a month and their operation will be shut down. The gang announced on a popular hacking forum where the ransomware has previously been advertised that the ransomware-as-a-service operation will soon be no more and that ‘all the good come to an end.’ According to the post, the ransomware has been earing around $2.5 million a week and the gang claims around $2 billion...
Emotet was the Biggest Email Threat in Q1
A new report from Proofpoint has confirmed Emotet was the biggest email-based threat in the first quarter of 2019. The popularity of the malware is not surprising. While Emotet was once just a banking Trojan, it can now be used to deliver other malware variants and can even distribute itself automatically by sending copies of itself via spam email on a compromised device. Emotet is now classed as a botnet, as it is being used to...
BlueKeep RDP Vulnerability Still Not Patched on Almost 1 Million Devices
The critical, wormable BlueKeep RDP vulnerability (CVE-2019-0708) that was patched by Microsoft on May 14 has still not been addressed on almost 1 million devices, according to Robert Graham, head of offensive security research at Errata Security. Graham conducted a rdpscan using a scanning tool on top of a masscan port scanner. The tool allowed him to scan the Internet for devices that have not had the BlueKeep RDP bug corrected. In...