
Amazon Alexa Has Got Some Serious Skills—Spying On Users!

“Alexa, are you spying on me?” — aaaa…..mmmm…..hmmm…..maybe!!!

Security researchers have developed a new malicious ‘skill’ for Amazon’s popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.

Amazon Echo is an always-listening voice-activated smart home speaker that allows you to get things done by using your voice, like playing music, setting alarms, and answering questions.


Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

Only a few hours after the Drupal team released its latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild.

Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly what the previously discovered Drupalgeddon2 (CVE-2018-7600) flaw allowed: complete takeover of affected websites.


Hackers build a 'Master Key' that unlocks millions of Hotel rooms

If you often leave valuable and expensive items like laptops and passports in your hotel room, then beware. Your room can be unlocked not only by a malicious staff member with access to the master key, but also by an outsider.

A critical design vulnerability in a popular and widely used electronic lock system can be exploited to unlock every locked room in a facility, leaving millions of hotel rooms around the world vulnerable to hackers.


Third Critical Drupal Flaw Discovered

Damn! You have to update your Drupal websites.

Yes, of course, once again: it is literally the third time in the last 30 days.

As notified in advance two days ago, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability affecting its Drupal 7 and 8 core.


Police Shut Down World's Biggest 'DDoS-for-Hire' Service–Admins Arrested

In a major hit against international cybercriminals, the Dutch police have taken down the world’s biggest DDoS-for-hire service, which helped cybercriminals launch over 4 million attacks, and arrested its administrators.

An operation led by the UK’s National Crime Agency (NCA) and the Dutch Police, dubbed “Power Off,” with the support of Europol and a dozen other law enforcement agencies, resulted in the arrest of 6 members of the group behind the “webstresser.org” website in Scotland, Croatia, Canada and Serbia on Tuesday.

With over 136,000 regi


Remote Execution Flaw Threatens Apps Built Using Spring Framework

Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it.

Spring Framework is a popular, lightweight, open source framework for developing Java-based enterprise applications.


VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

One of the biggest and most popular multi-antivirus scanning engine services has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis.

VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines simultaneously.


Facebook admits public data of its 2.2 billion users has been compromised

Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information.

On Wednesday, Facebook CEO Mark Zuckerberg revealed that “malicious actors” took advantage of “Search” tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide.
