Sunday 18 February 2018, Safety Guide

Dangerous Trojan Nymaim

Lost24

A new cybercriminal campaign has been launched. So far, many Internet users have received fake e-mails from a "courier company" with information about receiving a package, documents or an invoice.

The fake e-mail contains a dangerous link, which does not lead to the courier company’s website, but to a malicious application containing a Trojan known as Nymaim.

If Nymaim is launched on a device, it will attempt to either lock the screen or download additional malware. If the user is located in a country in Europe or North America, the malware will download a customized lockscreen for that particular country. The lockscreen will display the ransom demand. If the user is in a country for which no customized lockscreen is available,

Saturday 10 February 2018, Safety Guide

Dangerous security flaws revealed in 7-Zip

Lost24

According to security experts from Cisco Talos, 7-Zip - a popular open source file compression program that supports all major compression formats - contains two dangerous vulnerabilities.

The first security flaw was found in the code that handles Universal Disk Format (UDF) files; if exploited, attackers could use this vulnerability to execute malicious code remotely.

The second security flaw is an exploitable heap overflow vulnerability which could allow attackers to compromise updated machines, giving them the same access rights as logged-in users.

Igor Pavlov - 7-Zip developer - has confirmed that both vulnerabilities have been fixed in the newest version of his popul

Sunday 4 February 2018, Safety Guide

Phishing on Netflix

Lost24

Cybercriminals have attempted a phishing attack on Netflix users. The user receives an e-mail claiming that their payment details are incorrect and asking them to update them. The message also contains a link (entitled “Update your account now”) which, if selected, redirects the user to the “appropriate” Netflix page.

In reality the link leads to a phishing site with fake Netflix branding, where the scammers harvest victims' payment information. Among other things, users are asked to enter their credit card details, and if they do so, they are then brought to a genuine Netflix page.

Netflix says it will never ask customers to send any of their personal details, such as payment information or passwords, over email.
“Never enter your logi

Lost24

The security experts from Kaspersky Lab have recently warned all Android users about dangerous malware known as Skygofree, which has been spotted on several devices running this popular operating system. The new malicious program seems to work on a similar basis to the Pegasus malware, which had caused a lot of trouble for Android and iOS users.

Kaspersky security experts have confirmed that the malware has so far infected only Italian Android users, but that does not mean that users in other countries can let their guard down.

According to the researchers, Skygofree is a strain of multi-stage spyware that gives attackers full remote control of an infected device. The malware is capable of intercepting calls

Lost24

Hackers have taken control of several computers in one of the US hospitals by releasing a new form of ransomware called SamSam.

The hospital officials have confirmed that the hackers targeted more than 1400 files, and renamed them with the phrase “I’m sorry”. They gave the hospital seven days to pay a ransom of 55,000 USD or the files (with the patient records) would be permanently encrypted.

Unlike traditional ransomware, SamSam is not delivered through drive-by-downloads or emails. It is capable of avoiding detection by disabling built-in Windows protection mechanisms, such as System Restore, Safe Mode, System Recovery, and Windows Error Reporting. Moreover, the ransomware is able to encrypt all files locally without connecting to the

Lost24

A security flaw has been identified in the design of Intel, ARM and AMD processors which may affect millions of computers across the world. The flaw is believed to involve chips used in computers over the last decade.

The threat affects not only computers, but also smartphones and other devices which use chipsets from the mentioned manufacturers. Details of the issue are being kept under wraps amid fears it could be exploited by hackers.

Google's Project Zero engineers have categorized the flaw into two forms of attack, named Meltdown and Spectre. The first issue allows attackers to read not only kernel memory but also the entire physical memory of the target machines, and therefore all secrets of other programs and the operating system

Lost24

The internet security experts from Check Point Software Technologies have recently found new malicious code hidden inside over 60 game apps available for download from the Google Play Store.

According to the researchers, the infected apps contained pornographic malware and were targeted squarely at children. The affected apps have so far been downloaded between 3 and 7 million times!

Dubbed AdultSwine, the malware was designed to display adverts from the web that were often highly inappropriate and pornographic.

Fortunately, Google has immediately removed the infected apps from Google Play Store. In an emailed statement the company states: "We appreciate Check Point's work to help keep users safe." and "We

Lost24

The cyber security experts from Trend Micro have found a new type of malware, known as Digmine. This malicious bot is spreading across the world via the Facebook Messenger app, and was designed to infect as many private computers as possible, to mine cryptocurrency for its developers at the expense of the users.

Victims usually receive a zip file, named “video_xxxx.zip” (where xxxx is a four-digit number), that tries to pass as a video file. In reality it is an executable script, which if activated can affect Facebook Messenger (both the desktop and web versions) using the Google Chrome browser.

Once in control of Chrome, the Digmine bot uses the browser to download and install an additional extension for its clandestine mining operation

Lost24

A new method has recently been revealed that, potentially, allows cyber criminals to take control of EVERY modern smart phone, simply by using several of the standard sensors present in these types of devices.

The researchers from the Nanyang Technological University in Singapore (NTU Singapore) have proven that certain sensors (present in every modern smart phone), such as the accelerometer, gyroscope and proximity indicators, represent a potential security risk that can be easily utilized by cyber criminals.

The researchers have succeeded in unlocking several modern smart phones (equipped with the UP-TO-DATE Android OS) with a 99.5 percent accuracy, with only THREE tries, simply by using the combination

Lost24

Once again, scammers are trying to extort money with the help of the SMS Premium service. This time, they try to get phone users to send a paid SMS in order to "disable" the.

Fraudsters first send a false SMS message informing the recipient about the activation of the Local Weather service. The daily cost for maintaining the service is 1.23 PLN (including VAT).

In order to deactivate the service, the users are instructed to send an additional SMS to the number 92578, containing the following text: TC.NP.STOP. The fraudsters “forgot” to add that the cost of such an SMS exceeds 30 PLN.

It is worth blocking the Premium service. In order to do so, the users should follow these instructions:
1. Reply to a

Lost24

A new code injection technique, called “Process Doppelgänging”, has been described at the recent Black Hat Europe 2017 security conference in London. According to the security experts from the cyber-security firm enSilo, the newly discovered attack poses a serious threat to all Windows systems and is capable of bypassing the majority of today's internet security solutions. This is because it utilizes the Windows mechanism of NTFS Transactions.

Transactional NTFS integrates transactions into the NTFS file system to allow for improved error handling and data integrity preservation in Windows systems. The researchers claim that “it is possible to create a file inside a transaction, and for no other process this file is visible, as long as our transaction

Lost24

The security experts from the ZaufanaTrzeciaStrona.pl portal have recently reported a new freely accessible database that contains a whopping 1.4 billion usernames and passwords in clear text.


The database contains plain text credentials leaked from the following domains:

- wp.pl
- interia.pl
- o2.pl
- op.pl
- tlen.pl
- vp.pl
- poczta.onet.pl
- onet.pl
- buziaczek.pl


Lost24

The security experts from ESET have reported two new banking trojan applications found in the Google Play store.

The malicious apps made their way into the store disguised as the seemingly harmless apps “Crypto Monitor”, a cryptocurrency price tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.

The apps delivered the promised functionality but also displayed fake notifications and login forms which appear to be from legitimate banking applications but are actually just phishing pages harvesting credentials. The malicious apps also intercept text messages to bypass SMS-based two-factor authentication.

According to the ESET post: “After the malicious apps are launc

Lost24

The portal Zaufana Trzecia Strona warns its readers against a new phishing campaign, which consists of sending false package delivery notification e-mail messages. A moment of inattention can lead to access to the device being blocked.

According to the security experts, the scammers send fake e-mails with subject lines containing text like:

- “Courier's visit date notification”
- “Package delivery notification”
- “Delivery failure notification”


The emails claim to be from one of the major delivery companies (FedEx, Geis, DPD or UPS) and contain fraudulent information about an attempted package delivery. The emails then instruct the person to click on a link for more information regarding how and when

Lost24

Those of you who have installed the ai.type application (a very popular keyboard app for Android and iOS devices) may be in considerable trouble. The potential problems stem from security errors that led to a data leak affecting approximately 78% of the app's users – that is, about 31 million users!

According to the information provided by ZDNet, the compromised database (containing over 577 Gb of data) was stored on an unsecured server. Not even the most basic password protection measures were applied!

Are you curious about what sort of data was leaked? Well, there is a lot of it:
- users' personal data,
- phone numbers,
- e-mail addresses,
- IP, IMEI and IMSI numbers,
- ISP names,