Standard Post with Image

Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild.

Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly same what previously discovered Drupalgeddon2 (CVE-2018-7600) flaw allowed—complete take over of affected websites.

Read More
Standard Post with Image

Hackers build a 'Master Key' that unlocks millions of Hotel rooms

If you often leave your valuable and expensive stuff like laptop and passports in the hotel rooms, then beware. Your room can be unlocked by not only a malicious staff having access to the master key, but also by an outsider.

A critical design vulnerability in a popular and widely used electronic lock system can be exploited to unlock every locked room in a facility, leaving millions of hotel rooms around the world vulnerable to hackers.

Read More
Standard Post with Image

Third Critical Drupal Flaw Discovered

Damn! You have to update your Drupal websites.

Yes, of course once again—literally it’s the third time in last 30 days.

As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its Drupal 7 and 8 core.

Read More
Standard Post with Image

Police Shut Down World's Biggest 'DDoS-for-Hire' Service–Admins Arrested

In a major hit against international cybercriminals, the Dutch police have taken down the world’s biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators.

An operation led by the UK’s National Crime Agency (NCA) and the Dutch Police, dubbed “Power Off,” with the support of Europol and a dozen other law enforcement agencies, resulted in the arrest of 6 members of the group behind the “webstresser.org” website in Scotland, Croatia, Canada and Serbia on Tuesday.

With over 136,000 regi

Read More
Standard Post with Image

Remote Execution Flaw Threatens Apps Built Using Spring Framework

Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it.

Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise applications.

Read More
Standard Post with Image

VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

One of the biggest and most popular multi-antivirus scanning engine service has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis.

VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines simultaneously.

Read More
Standard Post with Image

Facebook admits public data of its 2.2 billion users has been compromised

Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information.

On Wednesday, Facebook CEO Mark Zuckerberg revealed that “malicious actors” took advantage of “Search” tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide.

Read More
Standard Post with Image

3 Great Uses for Blockchain

Blockchain technology has been around for some time now. It was first described in 1991 by Stuart Haber and W. Scott Stornetta, but wasn’t known mainstream until the technology was used in Bitcoin in 2008.

Blockchain is described as a public ledger for all transactions on a network. Due to it’s sequential nature the leger can be distributed between computer systems and permit anyone to validate the entries. This allows a consensus to be formed and ensures the integrity of the ledger.

Read More
Standard Post with Image

Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges

Whether you’re a developer, designer or a writer, a good text editor always help you save time and make you work more efficiently.

For example, I use Sublime a lot while programming because it includes some useful tools like ‘syntax highlighting’ and ‘autocomplete’ that every advanced text editor should have.

Read More
Standard Post with Image

MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data

The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with its new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.

Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated from the Internet and local networks, requiring physical access to access data via a USB flash drive or other removable media.

Read More
Looking for older posts? View our Archives