Kodi add-ons launch cryptomining campaign

ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware. If you use Kodi, you may have noticed that a popular, Dutch repository for third-party add-ons, XvBMC, was recently shut down upon copyright-infringement warnings. Following the shutdown, we discovered that the repository was … More Kodi add-ons launch cryptomining campaign

Could home appliances knock down power grids?

Far-fetched though it may sound, the answer is yes, according to researchers, who show that electrical grids and smart home appliances could make for a dangerous mix. Cybercriminals could rope internet-connected household appliances into a botnet in order to manipulate the demand side of the power grid and, ultimately, cause anything from local outages to large-scale blackouts, … More Could home appliances knock down power grids?

PowerPool malware exploits ALPC LPE zero-day vulnerability

Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no … More PowerPool malware exploits ALPC LPE zero-day vulnerability

Instagram expands 2FA and account verification

The move is part of a three-pronged plan that is intended to bolster user trust and safety on the photo-sharing platform. Instagram has announced that its users will soon be able to secure their accounts with third-party authentication apps. Prior to the announcement of this much-anticipated change, the photo-sharing platform supported only SMS-based two-factor authentication (2FA). Text … More Instagram expands 2FA and account verification

Semi-annual balance of mobile security

For Android, malware detections were down 27% compared to the first half of 2017; for iOS, they decreased 15% compared to the same period last year. Mobile security plays an increasingly important role in the protection of information assets, and this applies to both home and corporate users. So, this publication will focus on analyzing the … More Semi-annual balance of mobile security

PoC targeting critical Apache Struts bug found online

The discovery was made barely two days after the release of a patch that fixes the critical flaw in the web application framework. Researchers have discovered freely available proof-of-concept (PoC) code that can be used to exploit a critical security hole in the Apache Struts 2 web application framework shortly after the vulnerability was disclosed … More PoC targeting critical Apache Struts bug found online