Security Archives - Page 308 of 515

Pierluigi Paganini June 02, 2018

Flaws in Multidots WordPress Plugins expose e-Commerce websites to a broad range of attacks

Researchers at ThreatPress firm discovered security vulnerabilities in ten WordPress plugins developed by Multidots, a company for e-commerce websites. The vulnerable plugins are available on theWordPress.org and implement a set of features for WooCommerce installations that allow admins to manage their online shops, nearly 20,000 WordPress installs currently use them. “Recently our research team found serious security […]

Pierluigi Paganini June 01, 2018

Visa payments DOWN: Millions affected by a service disruption

The Visa card payment system is suffering a widespread outage across Europe, millions of users were unable to make payments using their cards. Shoppers and travelers were unable to make payments with their cards since at around 2.30pm on Friday across Europe. At the time of writing, Visa confirmed the widespread problems but did not […]

Pierluigi Paganini May 30, 2018

CVE-2018-11235 flaw in Git can lead to arbitrary code execution

The Git community disclosed a dangerous vulnerability in Git, tracked as CVE-2018-11235, that can lead to arbitrary code execution when a user operates in a malicious repository. The Git developer team and other firms offering Git repository hosting services have issued security updates to address a remote code execution vulnerability, tracked as CVE-2018-11235 in the Git […]

Pierluigi Paganini May 26, 2018

CVE-2018-7783 flaw in Schneider SoMachine Basic can be exploited to read arbitrary files on the targeted system

Schneider Electric issued a security update for its EcoStruxure Machine Expert (aka SoMachine Basic) product that addresses a high severity vulnerability, tracked CVE-2018-7783, that could be exploited by a remote and unauthenticated attacker to obtain sensitive data. “SoMachine Basic suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and […]

Pierluigi Paganini May 22, 2018

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Yesterday AMD, ARM, IBM, Intel, Microsoft and other major tech firms released updates, mitigations and published security advisories for two new variants of Meltdown and Spectre attacks. Spectre and Meltdown made the headlines again, a few days after the disclosure of a new attack technique that allowed a group of researchers to recover data from the System […]

Pierluigi Paganini May 21, 2018

Internet Systems Consortium rolled out security updates to address 2 flaws in BIND DNS Software

On Friday, the Internet Systems Consortium (ISC) announced security updates for BIND DNS software that address two vulnerabilities rated with a “medium” severity rating. Both vulnerabilities could be exploited by attackers to cause a denial-of-service (DoS) condition, the first issue tracked as CVE-2018-5737 can also cause severe operational problems such as degradation of the service. “A problem […]

Pierluigi Paganini May 20, 2018

Experts propose a new variation of the Spectre attack to recover data from System Management Mode

Researchers from Eclypsium proposed a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. Security experts from Eclypsium have devised a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode (SMM) (aka called ring -2). The SMM is an operating […]

Pierluigi Paganini May 19, 2018

Chrome evolves security indicators by marking with a red warning for HTTP content

Starting with Chrome 70, Google will mark with a red warning for HTTP content, Big G is continuing its effort to make the web more secure. Since January 2017, Chrome indicates connection security with an icon in the address bar labeling HTTP connections to sites as non-secure, while since May 2017 Google is marking newly registered sites that […]

Pierluigi Paganini May 18, 2018

CISCO issued security updates to address three critical flaws in Cisco DNA Center

Cisco has issued security updates to address three critical vulnerabilities in its DNA Center appliance, admins need to update their installs as soon as possible. Cisco has issued security updates to address three critical vulnerabilities in its Digital Network Architecture (DNA) Center appliance. The DNA Center is a network management and administration tool, experts discovered […]

Pierluigi Paganini May 15, 2018

Dutch Government plans to phase out the use of Kaspersky solutions

Dutch Government plans to phase out the use of Kaspersky solutions while the security firm confirmed that its code infrastructure is going to move to Switzerland. The antivirus firm Kaspersky Lab made the headlines again, the company confirmed that its code infrastructure is going to move to Switzerland. The news arrives just after the comment from the Netherlands […]

Security

Flaws in Multidots WordPress Plugins expose e-Commerce websites to a broad range of attacks

Visa payments DOWN: Millions affected by a service disruption

CVE-2018-11235 flaw in Git can lead to arbitrary code execution

CVE-2018-7783 flaw in Schneider SoMachine Basic can be exploited to read arbitrary files on the targeted system

Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4

Internet Systems Consortium rolled out security updates to address 2 flaws in BIND DNS Software

Experts propose a new variation of the Spectre attack to recover data from System Management Mode

Chrome evolves security indicators by marking with a red warning for HTTP content

CISCO issued security updates to address three critical flaws in Cisco DNA Center

Dutch Government plans to phase out the use of Kaspersky solutions

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Critical Sudo bugs expose major Linux distros to local Root exploits

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!