Articles that are tagged
VULNERABILITIES
Squirrel Engine Bug lets attackers hack games and cloud services
50 weeks ago
Squirrel is an open-source, object-oriented programming language used for scripting video games and in IoT devices and distributed transaction processing platforms such as Enduro/X. Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that attackers can abuse to break out of the sandbox restrictions and execute... Read more
Squirrel is an open-source, object-oriented programming language used for scripting video games and in... Read more
VULNERABILITIES
Cyber Puppeteer Kits: The New Financial Services Security Threat
1 year ago
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber puppeteer kit. They are a substantial threat to an organization’s employees, customers, critical assets and more. A cyber puppeteer kit, also referenced as “live panels” among the threat actors that operate them, is a new... Read more
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber... Read more
VULNERABILITIES
Spook.js attack Bypasses Chrome's site isolation
1 year ago
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers to leak sensitive data in a Spectre-style attack. The technique is a JavaScript-based line of attack that specifically aims to get around barriers put in place to ... Read more
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved... Read more
VULNERABILITIES
Airtel’sFeds Warn of Ransomware Attacks Ahead of Labor Day mobile app hit with security flaw which left millions of user data exposed
1 year ago
The federal government has warned that threat actors might use the Labor Day weekend as a prime opportunity to ambush organizations when several staff would be taking time off, leaving behind a skeleton crew to oversee IT and network infrastructure and security. That’s because the absence of key personnel makes... Read more
The federal government has warned that threat actors might use the Labor Day weekend as... Read more
VULNERABILITIES
Proxy server vulnerability messing up with Exchange Server config
1 year ago
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020 Microsoft Exchange security updates, but apparently, they found a second major security bug, nicknamed PROXYTOKEN. This vulnerability allows the attacker to bypass all the security authentications easily and make changes to the backend configuration of... Read more
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020... Read more
VULNERABILITIES
Vulnerabilities exploited to Hack Linux Systems
1 year ago
Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce noxious web shells, ransomware, Trojans, and so on. The US-Japanese firm Trend Micro distributed a point-by-point examination on the Linux danger setting, featuring the difficulties and weaknesses that affected the OS in the main portion... Read more
Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce... Read more
VULNERABILITIES
Web Shells and Ransomware transmitted exploiting ProxyShell Vulnerabilities
1 year ago
The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three so-called “ProxyShell” vulnerabilities to compromise Microsoft Exchange Servers worldwide. They were discovered and demonstrated by Orange Tsai and his fellow research colleagues from DEVCORE Research Team at the Pwn2Own contest and also mentioned at the... Read more
The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three... Read more
VULNERABILITIES
'Bad Example' by Accenture for lack of transparency during ransomware attacks
1 year ago
When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile IT companies such as Accenture could help the industry by disclosing the attack details upfront. Their lack of disclosure is being heavily criticised and is seen as a missed opportunity to keep others well informed.... Read more
When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile... Read more
VULNERABILITIES
Terrorist watchlist with nearly 1.9M Records exposed
1 year ago
Volodymyr Diachenko, aka ‘Bob,’ the head of security research at Comparitech, revealed the discovery of a federal terror watchlist in his LinkedIn post on July 19th. It was a no-fly list with over 1.9 million records without any security protections or passwords. The no-fly list lists individuals considered dangerous from... Read more
Volodymyr Diachenko, aka ‘Bob,’ the head of security research at Comparitech, revealed the discovery of... Read more