Two months after the release of the security updates for the drupalgeddon2 flaw, experts continue to see vulnerable websites running on flawed versions of Drupal that hasn’t installed security patches. In March, the Drupal developers Jasper Mattsson discovered a âhighly criticalâ vulnerability, tracked as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Both Drupal 8.3.x and 8.4.x are […]
Security experts at security firm Intezer have recently discovered backdoor, associated with the operation of the Iron cybercrime group, that is based on the leaked source code of Remote Control System (RCS). The Remote Control System (RCS) is the surveillance software developed by the HackingTeam, it was considered a powerful malware that is able to infect also mobile […]
Facebook APIs granted access to the data belonging to FB users to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung so that they could implement Facebook messaging functions. After the Cambridge Analytica privacy scandal, Facebook is now facing new problems because it is accused of sharing user data with over 60 […]
Microsoft has reportedly acquired the popular code repository hosting service GitHub, but at the time of writing there is no news about how much Microsoft paid for the platform. Microsoft has reportedly acquired the popular code repository hosting service GitHub. GitHub was last valued at $2 billion in 2015, but at the time of writing […]
Security experts reported widespread Google Groups misconfiguration exposes sensitive information. Administrators of organizations using Google Groups and G Suite must review their configuration to avoid the leakage of internal information. Security researchers from Kenna Security have recently discovered that 31 percent of 9,600 organizations analyzed is leaking sensitive e-mail information. The list of affected entities also includes […]
A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. Anyway, the group, that is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […]
According to the security experts at Imperva firm, three open Redis servers out of four are infected with malware. The discovery is the result of analysis conducted by running Redis-based honeypot servers for some months. Since their initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, the experts from Imperva have discovered a new […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! ·     A bug in T-Mobile site allowed anyone see any customers account details ·     […]
Cyber criminals recently added the code for the CVE-2018-8174 Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. Crooks recently added the code for an Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. The Internet Explorer zero-day vulnerability, tracked as CVE-2018-8174, was first discovered a few weeks ago, it affects VBScript implemented in Internet Explorer and Microsoft […]
Researchers at ThreatPress firm discovered security vulnerabilities in ten WordPress plugins developed by Multidots, a company for e-commerce websites. The vulnerable plugins are available on theWordPress.org and implement a set of features for WooCommerce installations that allow admins to manage their online shops, nearly 20,000 WordPress installs currently use them. “Recently our research team found serious security […]