Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and […]
A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365 […]
The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal […]
Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. Researchers from SafeBreach discovered several vulnerabilities in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application products that could be exploited by hackers for DLL preloading, code execution, and privilege escalation. The first issue in […]
Ohio detected and neutralized a cyber attack against its election systems earlier this month, it was traced to a Russian-owned company. Ohio officials thwarted a cyber attack against its election infrastructure earlier this month, the stateâs elections chief announced. According to the Republican Secretary of State Frank LaRose, the cyber attack was ârelatively unsophisticatedâ and […]
Security experts disclosed a vulnerability dubbed StrandHogg that has been exploited by tens of malicious Android apps. Security experts at Promon disclosed a vulnerability, dubbed StrandHogg, that has been exploited by tens of malicious Android apps. The name StrandHogg comes from an old Norse term that refers to a tactic adopted by the Vikings that […]
Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. The malicious code executes a small program, just before starting the encryption […]
Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers. Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. Most of the SMS included in the database were sent by […]
The online music streaming service Mixcloud was recently breached by a hacker that is attempting to sell stolen user data a dark web marketplace. On Friday, the hacker that goes online with the handle “A_W_S” contacted multiple media outlets to disclose the hack, it also provided data samples as proof of the data breach. The […]
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Iran â Government blocks Internet access in response to the protests Twitter allows users to use 2FA without a phone number After 1 Million of malware samples analyzed Federal Communications […]