Liran Tal, a developer advocate at open-source security platform Snyk, discovered a high-severity prototype pollution security flaw that affects all versions of lodash. Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Liran Tal, a developer advocate at Snyk, discovered a high-severity prototype pollution vulnerability, tracked as CVE-2019-10744, that affects all […]
Zoom video conferencing software for Mac is affected by a flaw that could allow attackers to take over webcams when users visit a website. Cybersecurity expert Jonathan Leitschuh disclosed an unpatched critical security vulnerability in the Zoom app for Apple Mac computers, that is chained with another issue, could be exploited by attackers to execute […]
The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. Now experts at Kaspersky confirmed that the malware was […]
Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan. The malware is able to log the usersâ keystrokes, collect information through hooking, access clipboard content, and monitor […]
The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The dangerous code was used to check the password strength of user-chosen passwords when the library was being […]
The UK Information Commissioner’s Office (ICO) fined British Airways with ÂŁ183 million for failing to protect its customers’ data during last year’s security breach. The UK Information Commissioner’s Office (ICO) fined British Airways with ÂŁ183 million for failing to protect the personal information of roughly 500,000 customers during 2018 security breach. “Following an extensive investigation the ICO […]
Threat actors targeted two high-profile PGP project contributors with the intent to poison certificates used by the SKS keyserver network. Contributors to the PGP protocol GnuPG claim that threat actors are âpoisoningâ their certificates, this means that attackers spam their certificate with a large number of signatures. The intent is to make it impossible for […]
Security experts have uncovered a Magecart large-scale payment card skimming campaign that compromised 962 online stores based on Magento. Security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that already hacked 962 online stores running on the Magento CMS. The list of hacked e-commerce also includes a number of websites belonging […]
Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution. On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution. The company immediately launched an investigation, the good news is that the source code of the […]
Cyber criminals have exploited an unproperly implemented password reset process in 7-Eleven to make unwanted charges on 900 customers’ accounts. 7-Eleven Inc. is a Japanese-American international chain of convenience stores, news of the day is that hackers exploited a weakness in the password reset function to make unwanted charges on its customers’ accounts. Crooks targeted approximately 900 […]