Vulnerabilities

VULNERABILITIES

Squirrel Engine Bug lets attackers hack games and cloud services

3 years ago

Squirrel is an open-source, object-oriented programming language used for scripting video games and in IoT devices and distributed transaction processing platforms such as Enduro/X. Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that attackers can abuse to break out of the sandbox restrictions and execute... Read more

Squirrel is an open-source, object-oriented programming language used for scripting video games and in... Read more

VULNERABILITIES

Cyber Puppeteer Kits: The New Financial Services Security Threat

3 years ago

Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber puppeteer kit. They are a substantial threat to an organization’s employees, customers, critical assets and more. A cyber puppeteer kit, also referenced as “live panels” among the threat actors that operate them, is a new... Read more

Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber... Read more

VULNERABILITIES

Spook.js attack Bypasses Chrome's site isolation

3 years ago

Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers to leak sensitive data in a Spectre-style attack. The technique is a JavaScript-based line of attack that specifically aims to get around barriers put in place to ... Read more

Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved... Read more

VULNERABILITIES

Airtel’sFeds Warn of Ransomware Attacks Ahead of Labor Day mobile app hit with security flaw which left millions of user data exposed

3 years ago

The federal government has warned that threat actors might use the Labor Day weekend as a prime opportunity to ambush organizations when several staff would be taking time off, leaving behind a skeleton crew to oversee IT and network infrastructure and security. That’s because the absence of key personnel makes... Read more

The federal government has warned that threat actors might use the Labor Day weekend as... Read more

VULNERABILITIES

Proxy server vulnerability messing up with Exchange Server config

3 years ago

The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020 Microsoft Exchange security updates, but apparently, they found a second major security bug, nicknamed PROXYTOKEN. This vulnerability allows the attacker to bypass all the security authentications easily and make changes to the backend configuration of... Read more

The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020... Read more

VULNERABILITIES

Vulnerabilities exploited to Hack Linux Systems

3 years ago

Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce noxious web shells, ransomware, Trojans, and so on. The US-Japanese firm Trend Micro distributed a point-by-point examination on the Linux danger setting, featuring the difficulties and weaknesses that affected the OS in the main portion... Read more

Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce... Read more

VULNERABILITIES

Web Shells and Ransomware transmitted exploiting ProxyShell Vulnerabilities

3 years ago

The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three so-called “ProxyShell” vulnerabilities to compromise Microsoft Exchange Servers worldwide. They were discovered and demonstrated by Orange Tsai and his fellow research colleagues from DEVCORE Research Team at the Pwn2Own contest and also mentioned at the... Read more

The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three... Read more

VULNERABILITIES

'Bad Example' by Accenture for lack of transparency during ransomware attacks

3 years ago

When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile IT companies such as Accenture could help the industry by disclosing the attack details upfront. Their lack of disclosure is being heavily criticised and is seen as a missed opportunity to keep others well informed.... Read more

When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile... Read more

VULNERABILITIES

Terrorist watchlist with nearly 1.9M Records exposed

3 years ago

Volodymyr Diachenko, aka ‘Bob,’ the head of security research at Comparitech, revealed the discovery of a federal terror watchlist in his LinkedIn post on July 19th. It was a no-fly list with over 1.9 million records without any security protections or passwords. The no-fly list lists individuals considered dangerous from... Read more

Volodymyr Diachenko, aka ‘Bob,’ the head of security research at Comparitech, revealed the discovery of... Read more