Top

Category: Vulnerabilities


Vulnerabilities

New Drupal Exploit Mines Monero for Attackers

June 25, 2018

Via: Dark Reading

A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server. A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to […]


Vulnerabilities

Oracle Patches New Spectre, Meltdown Vulnerabilities

June 25, 2018

Via: Security Week

Oracle announced on Friday that it has started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown vulnerabilities. Intel, AMD, ARM, IBM, Microsoft and other major tech companies last month coordinated […]


Network security, Threats & Malware, Vulnerabilities

How to Overcome Cognitive Biases That Threaten Data Security

June 19, 2018

Via: Security Intelligence

Did you know the software that powers our brains contains security flaws that need to be patched? I’m talking about cognitive biases, which are the wetware vulnerabilities that collectively constitute the single greatest threat to enterprise data security. The Interaction […]


Vulnerabilities

Researchers disclose 7 flaws in 390 Axis IP cameras, remote attacker could take control

June 18, 2018

Via: CSO Online

If you use Axis security cameras, then you really need to update the firmware as seven vulnerabilities across 390 camera models could allow an attacker to remotely take over the camera. VDOO security researchers have been looking into the security […]


Vulnerabilities

A new Meltdown-like flaw tracked as LazyFP affects Intel CPUs

June 15, 2018

Via: Security Affairs

A new vulnerability involving side channel speculative execution on Intel chips, known as LazyFP, has been announced and assigned CVE-2018-3665. A new vulnerability tracked as LazyFP (CVE-2018-3665) involving side channel speculative execution affects Intel CPUs, like previous ones it could […]


Vulnerabilities

SigSpoof GnuPG flaw could be exploited to spoof message signatures

June 15, 2018

Via: Security Affairs

GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications. GnuPG version 2.2.8 released earlier this month […]


Vulnerabilities

Dixons Carphone Cyberattack Targets 5.9M Bank Cards

June 14, 2018

Via: Threat Post

European electronic and telecom retailer Dixons Carphone has discovered a massive cyber-attack that may have compromised millions of payment cards and personal data records, it said Wednesday. The U.K.-based retail giant, whose subsidiaries include Carphone Warehouse, Currys, PC World, Elkjøp […]


Malware, Vulnerabilities

Bypass Glitch Allows Malware to Masquerade as Legit Apple Files

June 13, 2018

Via: Threat Post

Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have […]


Mobile security, Vulnerabilities

Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

June 12, 2018

Via: Threat Post

Nine months after researchers warned of the BlueBorne remote code execution bug, Lenovo said Thursday that a patch is finally available for three popular lines of its Android tablets. Lenovo, the world’s No. 3 Android tablet-maker, said BlueBorne patches are […]


Mobile security, Vulnerabilities

Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain

June 5, 2018

Via: Threat Post

Facebook is hitting back against a New York Times article alleging that it struck deals enabling phone-makers to access users’ personal information. The incident is yet another blow to the social media giant as it continues to deal with questions […]