The U.S. Department of Defense has disclosed the details about four critical and high severity vulnerabilities in its infrastructure. The U.S. Department of Defense has disclosed details of four vulnerabilities in its infrastructure, two high severity rating issues and other two critical flaws. The vulnerabilities could be exploited by threat actors to hijack a subdomain, […]
Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial information, the incident […]
The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware […]
The Twitter account of the Indian Prime Minister Modi was hacked, attackers sent a series of tweets asking followers to donate cryptocurrency to a relief fund. The Twitter account for the personal website of the Indian Prime Minister Narendra Modi (@narendramodi_in) has been hacked. The hackers have sent a series of tweets asking the followers […]
CyberNews researchers discovered an unsecured data bucket that belongs to View Media containing close to 39 million US citizen records. Original post: https://cybernews.com/security/online-marketing-company-exposes-data-of-millions-americans/ The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US citizen records, including their full names, […]
Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. Google has removed the app NEXTA LIVEÂ (com.moonfair.wlkm) from the official Play Store because it was used by the Belarusian government to spy on anti-government protesters. The malicious app remained in the store for almost […]
Cisco addressed a critical remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows operating system. Cisco has addressed a critical severity remote code execution flaw, tracked as CVE-2020-3495, that affects multiple versions of Cisco Jabber for Windows. Cisco Jabber for Windows is a desktop collaboration client that integrates users with presence, audion, video […]
Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin. […]
Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it […]
Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database […]