April 23, 2019
Via: Help Net Security2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the RiskSense latest report. In addition, the rate of exploits discovered in the wild before a patch was available was nearly three […]
April 17, 2019
Via: Threat PostA just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover. Discovered by Vasily Berdnikov and Boris Larin of Kaspersky […]
April 12, 2019
Via: Threat PostThe maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several […]
Application security, Mobile security, Vulnerabilities
April 2, 2019
Via: Threat PostA white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface (API) keys and use […]
Cyber-crime, Malware, Threats & Malware, Virus & Malware, Vulnerabilities
March 15, 2019
Via: Security AffairsSeveral threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR. The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of users potentially […]
February 19, 2019
Via: Security AffairsThe Proof-of-concept (PoC) exploit code for a recently discovered vulnerability in runc tracked as CVE-2019-5736 is now publicly available. Last week, Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc, the […]
December 28, 2018
Via: Security AffairsThe vulnerability affects the JavaScript engine Chakra implemented in the Edge web browser, an attacker could exploit it to execute arbitrary code on the target machine with the same privileges as the logged user. “A remote code execution vulnerability exists […]
November 1, 2018
Via: CSO OnlineWhile you likely don’t stop to think about water or energy industries when you grab a drink of water or flip on the lights, you would definitely notice if your electricity or water stopped working. You might not know why […]
Network security, Vulnerabilities
September 28, 2018
Via: Dark ReadingGood digital hygiene will lower your risk, and these six tips can help. This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we’ve hit a major mark in CVE identifiers, Cisco found that the total […]
Network security, Vulnerabilities
August 16, 2018
Via: Dark ReadingPHP unserialization can be triggered by other vulnerabilities previously considered low-risk. PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack […]
June 25, 2018
Via: Dark ReadingA new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server. A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to […]
June 15, 2018
Via: Security AffairsGnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications. GnuPG version 2.2.8 released earlier this month […]
Application security, Mobile security
April 19, 2018
Via: Security IntelligenceWe often think of vulnerabilities as complex technical problems that are difficult to discover and exploit. But if a special character, such as a foreign-language character, in an application running on a common operating system generates a memory corruption issue, […]
March 1, 2018
Via: Security WeekUpdates released by the Internet Systems Consortium (ISC) for the Dynamic Host Configuration Protocol (DHCP) software patch two remotely exploitable vulnerabilities discovered by a researcher at Google. Felix Wilhelm of the Google Security Team found that the DHCP Client (dhclient), […]
February 7, 2018
Via: Security WeekAdobe updated Flash Player on Tuesday to address a zero-day vulnerability exploited by what experts believe to be a North Korean hacker group in attacks aimed at individuals in South Korea. The existence of the vulnerability, tracked as CVE-2018-4878, came […]
February 5, 2018
Via: CSO OnlineOh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts. Before this, EternalSynergy, EternalRomance, and EternalChampion […]
January 10, 2018
Via: Dark ReadingPeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency. Enterprises that failed to install Oracle’s critical WebLogic patch last October could find their PeopleSoft and cloud-based servers […]
Malware, Security, Threats & Malware
December 18, 2017
Via: Security AffairsLast week, Palo Alto Networks released security updates for its PAN-OS security platform that address critical and high severity vulnerabilities that can be exploited by a remote and unauthenticated for remote code execution and command injection. The critical issue, tracked as CVE-2017-15944, […]
Malware, Virus & Malware, Vulnerabilities
October 27, 2017
Via: Security WeekContrary to initial reports, the Bad Rabbit ransomware that hit Russia and Ukraine this week does in fact leverage an exploit linked to the U.S. National Security Agency (NSA). Similar to the NotPetya wiper that infected tens of thousands of […]
October 26, 2017
Via: Threat PostHackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the […]