Experts discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. The exploit analysis firm EdgeSpot recently discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. “Shortly after last week’s discovery of a PDF exploit which used the […]
Check Point released a security update to address a flaw in its ZoneAlarm security software that could allow privilege escalation. Check Point released a security update to fix a vulnerability in its antivirus and firewall ZoneAlarm, the flaw could be exploited by attackers to escalate privileges on a system running it. The flaw was discovered […]
The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on dataThe cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data On January 19th we downloaded Collection #1 to make statistics […]
The security expert Dirk-jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have […]
DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled âMitigate DNS Infrastructure Tampering.â “In coordination with government and industry partners, the […]
Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X The security researcher Qixun Zhao of Qihoo 360’s Vulcan Team has published a PoC exploit code for critical vulnerabilities in Apple Safari web browser and iOS that could be exploited by a remote attacker to jailbreak […]
PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. Bad news for users that have downloaded the PHP PEAR package manager from the official website in the past 6 months because hackers have replaced it with a tainted version. The PHP Extension and […]
Nest recommended the owners of its security cameras to use enhanced authentication to avoid being hacked as happened with a family living in the US. Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. The couple explained to the local media that hackers compromised their Nest security camera and used atop their television and issued a warning of an imminent impact of missiles […]
Researchers from 0patch, a community of experts that aims at addressing software flaws, released unofficial patches for three Windows vulnerabilities that Microsoft has yet to be fixed. The list of vulnerabilities addressed by 0patch include a denial-of-service (DoS) bug, a file read issue, and a code execution flaw. “While we’re busy ironing out the wrinkles before […]
Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The independent security consultant Max Justicz has discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The flaw, tracked as CVE-2019-3462, affects package manager version 0.8.15 and later, […]