Tag: Exploit

April 23, 2019

2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the RiskSense latest report. In addition, the rate of exploits discovered in the wild before a patch was available was nearly three […]

April 17, 2019

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover. Discovered by Vasily Berdnikov and Boris Larin of Kaspersky […]

April 12, 2019

The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several […]

April 2, 2019

A white hat hacker reverse engineered 30 mobile financial applications and found sensitive data buried in the underlying code of nearly all apps examined. With this information a hacker could, for example, recover application programming interface (API) keys and use […]

March 15, 2019

Several threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR. The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of users potentially […]

February 19, 2019

The Proof-of-concept (PoC) exploit code for a recently discovered vulnerability in runc tracked as CVE-2019-5736 is now publicly available. Last week, Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc, the […]

December 28, 2018

The vulnerability affects the JavaScript engine Chakra implemented in the Edge web browser, an attacker could exploit it to execute arbitrary code on the target machine with the same privileges as the logged user. “A remote code execution vulnerability exists […]

November 1, 2018

While you likely don’t stop to think about water or energy industries when you grab a drink of water or flip on the lights, you would definitely notice if your electricity or water stopped working. You might not know why […]

September 28, 2018

Good digital hygiene will lower your risk, and these six tips can help. This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we’ve hit a major mark in CVE identifiers, Cisco found that the total […]

August 16, 2018

PHP unserialization can be triggered by other vulnerabilities previously considered low-risk. PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack […]

June 25, 2018

A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server. A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to […]

June 15, 2018

GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications. GnuPG version 2.2.8 released earlier this month […]

April 19, 2018

We often think of vulnerabilities as complex technical problems that are difficult to discover and exploit. But if a special character, such as a foreign-language character, in an application running on a common operating system generates a memory corruption issue, […]

March 1, 2018

Updates released by the Internet Systems Consortium (ISC) for the Dynamic Host Configuration Protocol (DHCP) software patch two remotely exploitable vulnerabilities discovered by a researcher at Google. Felix Wilhelm of the Google Security Team found that the DHCP Client (dhclient), […]

February 7, 2018

Adobe updated Flash Player on Tuesday to address a zero-day vulnerability exploited by what experts believe to be a North Korean hacker group in attacks aimed at individuals in South Korea. The existence of the vulnerability, tracked as CVE-2018-4878, came […]

February 5, 2018

Oh, good, three NSA exploits previously leaked by The Shadow Brokers have been tweaked so they now work on all vulnerable Windows 2000 through Server 2016 targets, as well as standard and workstation counterparts. Before this, EternalSynergy, EternalRomance, and EternalChampion […]

January 10, 2018

PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency. Enterprises that failed to install Oracle’s critical WebLogic patch last October could find their PeopleSoft and cloud-based servers […]

December 18, 2017

Last week, Palo Alto Networks released security updates for its PAN-OS security platform that address critical and high severity vulnerabilities that can be exploited by a remote and unauthenticated for remote code execution and command injection. The critical issue, tracked as CVE-2017-15944, […]

October 27, 2017

Contrary to initial reports, the Bad Rabbit ransomware that hit Russia and Ukraine this week does in fact leverage an exploit linked to the U.S. National Security Agency (NSA). Similar to the NotPetya wiper that infected tens of thousands of […]

October 26, 2017

Hackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the […]