Tag: attacker


Threats & Malware, Vulnerabilities

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

January 5, 2023

Via: The Hacker News

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. “An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow […]


Threats & Malware, Vulnerabilities

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

December 15, 2022

Via: CSO Online

Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain […]


Threats & Malware, Vulnerabilities

Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series

December 9, 2022

Via: Security Affairs

Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading […]


Threats & Malware, Vulnerabilities

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware

November 18, 2022

Via: Security Week

On November 10, the US Cybersecurity and Infrastructure Security Agency (CISA) published two advisories describing three vulnerabilities affecting NJ and NX-series controllers and software made by Japanese electronics giant Omron. One of the advisories describes CVE-2022-33971, a high-severity flaw that […]


Threats & Malware, Vulnerabilities

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

October 17, 2022

Via: The Hacker News

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the […]


Application security, Security

Microsoft Teams’ GIFShell Attack: What Is It and How You Can Protect Yourself from It

September 19, 2022

Via: The Hacker News

The GifShell Attack Method: Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and […]


Threats & Malware, Vulnerabilities

Cisco Patches High-Severity Vulnerability in SD-WAN vManage

September 12, 2022

Via: Security Week

Tracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports. “To exploit this vulnerability, the attacker must be able to send […]


Hacker, Network security, Threats & Malware

Attackers increasingly embrace small-scale DDoS attacks to evade detection

November 20, 2019

Via: Help Net Security

The growth in both large- and small-scale DDoS attacks continues its upward trajectory, according to a report released by Neustar. The report reveals that the total number of DDoS attacks was up 241% in the third quarter of 2019, compared […]


Network security

New blockchain system uses reputation to fend off 51 percent attacks

March 27, 2019

Via: Help Net Security

A blockchain system has been proposed to guarantee proper performance even when more than 51% of the system’s computing power is controlled by an attacker. The system, RepuCoin, introduces the concept of “reputation” to blockchain, effectively making it thousands of […]


Vulnerabilities

Critical bug in libotr could open users of ChatSecure, Adium, Pidgin to compromise

March 11, 2016

Via: Help Net Security

A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or […]


Access control, Application security

Drupal sites at risk due to insecure update mechanism

January 8, 2016

Via: CSO Online

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates. Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an […]


Network security

Mozilla admits bug-tracker breach led to attacks against Firefox users

September 6, 2015

Via: network-security

Mozilla said an unknown attacker accessed its Bugzilla bug-and-change tracking database, stole information about 53 critical security vulnerabilities, and used at least one of those flaws to attack Firefox users. Bugzilla is the open-source tracker that Mozilla’s developers — both […]


Hacker

New RC4 Attack Dramatically Reduces Cookie Decryption Time

July 15, 2015

Via: hacker

Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm. A published paper, expected to be delivered at the upcoming USENIX Security Symposium next month in Washington, D.C., describes […]


Vulnerabilities

Patch Adobe Flash Now – Exploit Detected in the Wild

July 8, 2015

Via: vulnerabilities

Adobe has issued patches for Flash to address multiple vulnerabilities, including a use-after-free zero-day flaw in the ActionScript 3 ByteArray (CVE-2015-5119), which could allow a remote attacker to execute arbitrary code on a targeted system. “Adobe has released […]


Vulnerabilities

Kodi Media Center Vulnerability Exposes Users to Man-in-the-Middle Attacks

June 23, 2015

Via: vulnerabilities

Home media player software Kodi (formerly known as XBMC) has been found vulnerable to man-in-the-middle attacks that may jeopardize the security of home users, according to Bitdefender research. Kodi is mostly used by those who want to build their own […]


Data loss

Personal info of 1.1M customers stolen in CareFirst breach

May 21, 2015

Via: data-loss

CareFirst, a Blue Cross Blue Shield plan, has announced that they have suffered a breach in which the attackers gained access to one of their databases. “Evidence suggests the attackers could have potentially acquired member-created user names created by individuals […]


Vulnerabilities

New Critical Encryption Bug Affects Thousands of Sites

May 20, 2015

Via: vulnerabilities

A new and critical vulnerability uncovered by security researchers would allow an attacker to intercept and decrypt secured communications exchanged between users and thousands of web sites and mail servers worldwide. The vulnerability, dubbed “Logjam,” affects what’s known as the Transport […]


Vulnerabilities

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

May 13, 2015

Via: vulnerabilities

The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in […]


Privacy protection

The best way to protect passwords may be creating fake ones

May 12, 2015

Via: privacy-protection

Password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles’ heel: Usually, a single master password unlocks the entire vault. But a group of researchers has developed […]


Vulnerabilities

Lenovo Patches Vulnerabilities in System Update Service

May 6, 2015

Via: vulnerabilities

Still reeling from the Superfish vulnerability, three more serious vulnerabilities have been patched and disclosed in Lenovo’s update system for its PCs. Researchers at IOActive yesterday disclosed details on a trio of security issues related to the mechanism by which […]