A DOM-based cross-site scripting vulnerability in the cloud-based development platform Wix.com put million websites at risk. The cloud-based development platform Wix.com is affected by a DOM-based cross-site scripting vulnerability that could be exploited by attackers to gain full control over any website running on the popular platform. Millions of websites hosted on Wix.com are potentially […]
The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB can lead fully compromise of servers. Critical vulnerabilities affecting the MySQL, MariaDB and PerconaDB can lead fully compromise of servers. The flaws could be exploited by attackers to arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski (@dawid_golunski) from Legal […]
Cisco Talos group analyzed the evolution of the Sundown exploit kit that over the past six months has become responsible for a large number of infections. Over the past months, the threat landscape for exploit kits is rapidly changing. Angler EK, Neutrino EK, and Nuclear EK that for years monopolized the criminal underground disappeared. Now, […]
Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer that could be used for surveillance purposes. Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in […]
Executive vice president of Microsoft’s Windows and Devices group revealed that Windows Kernel zero-day recently disclosed was used by the Fancy Bear APT. On Oct. 31, the Google Threat Analysis Group publicly disclosed a vulnerability in the Windows kernel that is actively being exploited by threat actors in the wild. The zero-day could be exploited […]
Experts from ERPScan revealed that a SAP flaw patched in September still impacts more than 900 SAP systems exposed to the Internet. An information disclosure vulnerability in SAP that was patched in September impacts more than 900 SAP systems that are exposed to the Internet. According to the expert Sergiu Popa from Quenta Solutions who reported the […]
The British Government announces an active defence posture in response to nation-state cyber attacks, Chancellor warns UK will retaliate against attacks. Hacking back, or “active defence” as security experts prefer to call it, is becoming a high debated argument. While the number of cyber attacks continues to increase and attackers are using even more sophisticated techniques, many Governments […]
Google has disclosed a Windows zero-day vulnerability after 7-day deadline it gives vendors when the flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of Windows operating system and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]
Security researchers at CRITIFENCE cyber security labs publicly announced this morning (November 1, 2016) major cyber security vulnerabilities affecting one of the world’s largest manufacturers of SCADA and Industrial Control Systems, Schneider Electric. The zero-day vulnerabilities dubbed PanelShock, found earlier this year by Eran Goldstein, CTO and Founder of CRITIFENCE, a leading Critical Infrastructure, […]
A former employee of the Office of the Comptroller of the Currency downloaded 10,000 records onto thumb drives before his retirement in November 2015. On Friday, the US banking regulator told Congress about a potential “major information security incident” after it discovered that a former employee has downloaded a large number of files onto thumb drives […]