Security experts at Armis have discovered a dozen zero-day vulnerabilities affecting the VxWorks real-time operating systems (RTOS) for embedded devices. Researchers at Armis Labs have discovered a dozen zero-day flaws in the VxWorks real-time operating systems (RTOS) for embedded devices. The collection of vulnerabilities was dubbed URGENT/11, it includes 11 flaws, 6 of which are […]
Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). The plugin is one of the 1,000 most popular plugins and it was closed on the […]
According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks. The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks, a 20% drop compared to […]
Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0. Playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution […]
Over the weekend, Jessica Alba’s Twitter account was hacked, the miscreants posted homophobic, racist and Nazi-sympathizing messages. On Saturday evening, miscreants hacked the Twitter account of the actress Jessica Alba and posted hateful, homophobic, and racist messages that remained live for hours. One of the messages posted by the hackers reads “Nazi Germany Did Nothing […]
Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites. Security experts at Trustwave observed threat actors using a rare steganography technique, attackers are hiding PHP scripts in Exchangeable Image Format (EXIF) headers of JPEG images that are uploaded on the website. The Exchangeable image file format is a standard […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw Twitter account of […]
According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. A report published by cybersecurity firm Sixgill revealed that data for over 23 million payment card were offered for sale in the cybercrime underground. The report, […]
Attackers deployed a Magecart credit card skimmer script into fake Google domains used to trick visitors into making online transactions. Experts at Sucuri discovered threat actors using fake Google domains hosting a Magento skimmer script used to steal payment data when unaware visitors make transactions. The campaign was uncovered when the owner of a website […]
Marcus Hutchins has been sentenced to “time served” and one year of supervised release his role in developing and selling the Kronos banking malware. The popular researcher Marcus Hutchins, also known as MalwareTech, has been sentenced to “time served” and one year of supervised release his role in developing and selling the Kronos banking malware. […]