Intel recommended OEMs, cloud service providers, system manufacturers, software vendors as well as end users to stop deploying the current versions of Spectre/Meltdown patches. While the Linux father Linus Torvalds defines the Spectre updates “utter garbage”, Intel warns to stop installing current versions of Spectre/Meltdown patches. Intel explained its approach in its technical note about Spectre mitigation […]
WordPress plugins and themes vulnerabilities statistics for 2017. The statistics were derived from our up-to-date WordPress Vulnerabilities Database. We are monitoring a large number of sources to add new vulnerabilities to the database on a daily basis. The year in figures We added 221 vulnerabilities to our database. The total number of vulnerabilities decreased by 69%. During […]
Security expert found more than 33000 Seagate’s GoFlex Home network-attached storage (NAS) devices vulnerable exposed online. Seagate has patched several vulnerabilities in its Personal Cloud and GoFlex products, but unfortunately, some flaws remain unpatched. In September, researcher Aditya K. Sood discovered vulnerabilities that can be exploited by attackers to launch cross-site scripting (XSS) and man-in-the-middle (MitM) attacks against […]
The white hat hacker Tavis Ormandy discovered a severe flaw in Blizzard games that expose millions of PCs to DNS Rebinding attacks. The notorious white hat hacker Tavis Ormandy at the Google’s Project Zero team made the headlines again, this time he discovered a severe flaw in Blizzard games that could be exploited by remote […]
The popular Linus Torvalds harshly criticizes the Spectre patches issued by Intel to patch the Spectre variant 2 flaw affecting its processor chips. Security experts harshly criticize the patch issued by Intel to patch the Spectre variant 2 flaw affecting its processor chips. Intel has decided to do not disable the prediction feature in future chips until the […]
According to a researcher from security firm Predeo, three Sonic apps in the Google Play published by SEGA leak users’ data to uncertified servers. According to a researcher from security firm Predeo, some game applications in the Google Play published by SEGA leak users’ data to uncertified servers. The Android apps are Sonic Dash, Sonic the Hedgehog™ Classic, and Sonic […]
Authorities discovered a fraudulent scheme involving dozens of gas-station employees who installed malicious programs on electronic gas pumps to cheat customers Russian law enforcement investigated fraudulent activities involving gas-station payment systems. Authorities discovered a fraudulent scheme involving dozens of gas-station employees who installed malicious programs on electronic gas pumps to trick customers into paying for more […]
Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising. In the last days of 2017, researchers at CSE Cybsec observed threat actors exploiting some CMS vulnerabilities to upload […]
Cybersecurity week Round-Up (2018, Week 3) -Let’s try to summarize the most important event occurred last week in 3 minutes. The week started with the discovery of a new variant of the dreaded Mirai Botnet dubbed Okiru, for the first time a malware targets ARC based IoT devices, billions of IoT devices are potentially at […]
Google has awarded a record $112,500 to a security researcher for reporting an exploit chain that could be used to hack Pixel smartphones. Last week the Google disclosed the technical details of the exploit chain that was devised in August 2017 by the Guang Gong from Alpha Team at Qihoo 360 Technology. The exploit chain triggers two […]