Threats & Malware, Vulnerabilities
January 5, 2023
Via: The Hacker News
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. “An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow […]
Threats & Malware, Vulnerabilities
December 15, 2022
Via: CSO Online
Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain […]
Threats & Malware, Vulnerabilities
December 9, 2022
Via: Security Affairs
Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading […]
Threats & Malware, Vulnerabilities
November 18, 2022
Via: Security Week
On November 10, the US Cybersecurity and Infrastructure Security Agency (CISA) published two advisories describing three vulnerabilities affecting NJ and NX-series controllers and software made by Japanese electronics giant Omron. One of the advisories describes CVE-2022-33971, a high-severity flaw that […]
Threats & Malware, Vulnerabilities
October 17, 2022
Via: The Hacker News
Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the […]
Application security, Security
September 19, 2022
Via: The Hacker News
The GIFShell Attack Method. Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and […]
Threats & Malware, Vulnerabilities
September 12, 2022
Via: Security Week
Tracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports. “To exploit this vulnerability, the attacker must be able to send […]
Hacker, Network security, Threats & Malware
November 20, 2019
Via: Help Net Security
The growth in both large- and small-scale DDoS attacks continues its upward trajectory, according to a report released by Neustar. The report reveals that the total number of DDoS attacks was up 241% in the third quarter of 2019, compared […]
March 27, 2019
Via: Help Net Security
A blockchain system has been proposed to guarantee proper performance even when more than 51% of the system’s computing power is controlled by an attacker. The system, RepuCoin, introduces the concept of “reputation” to blockchain, effectively making it thousands of […]
March 11, 2016
Via: Help Net Security
A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or […]
Access control, Application security
January 8, 2016
Via: CSO Online
The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates. Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an […]
September 6, 2015
Via: network-security
#mozilla said an unknown #attacker accessed its #bugzilla bug-and-change tracking database, stole information about 53 critical security #vulnerabilities, and used at least one of those flaws to attack #firefox #users. Bugzilla is the open-source #tracker that Mozilla’s developers — both […]
July 15, 2015
Via: hacker
Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm. A published paper, expected to be delivered at the upcoming USENIX Security Symposium next month in Washington, D.C., describes […]
July 8, 2015
Via: vulnerabilities
Adobe has issued patches for Flash to address multiple vulnerabilities, including a use-after-free zero-day flaw in the ActionScript 3 ByteArray (CVE-2015-5119), which could allow a remote attacker to execute arbitrary code on a targeted system. “Adobe has released […]
June 23, 2015
Via: vulnerabilities
Home media player software Kodi (formerly known as XBMC) has been found vulnerable to man-in-the-middle attacks that may jeopardize the security of home users, according to Bitdefender research. Kodi is mostly used by those who want to build their own […]
May 21, 2015
Via: data-loss
CareFirst, a Blue Cross Blue Shield plan, has announced that they have suffered a #breach in which the attackers gained access to one of their databases. “Evidence suggests the attackers could have potentially acquired member-created user names created by individuals […]
May 20, 2015
Via: vulnerabilities
A new and critical #vulnerability uncovered by #security researchers would allow an #attacker to intercept and decrypt secured communications exchanged between users and thousands of web sites and mail servers worldwide. The vulnerability, dubbed “Logjam,” affects what’s known as the Transport […]
May 13, 2015
Via: vulnerabilities
The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in […]
May 12, 2015
Via: privacy-protection
#password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles’ heel: Usually, a single master password unlocks the entire vault. But a group of researchers has developed […]
May 6, 2015
Via: vulnerabilities
Still reeling from the Superfish vulnerability, three more serious vulnerabilities have been patched and disclosed in #lenovo’s update system for its PCs. Researchers at IOActive yesterday disclosed details on a trio of #security issues related to the mechanism by which […]