A flaw in the open-source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary […]
Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. Four of the vulnerabilities affect were version 12.0.0.6810 and one the version 11.0.0.6582. The most severe flaw, tracked as CVE=2019-3969, could […]
Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware […]
VLC player is still affected by a critical heap-based memory buffer over-read condition, tracked as CVE-2019-13615, that could be exploited by a remote attacker to execute arbitrary code. The VLC player is still affected by a critical remote code execution vulnerability tracked as CVE-2019-13615. The potential impact of the flaw is important because the software […]
New problems for Huawei, the Czech unit of telecoms giant secretly collected personal data customers, officials and business partners. Huawei made the headlines again, according to the Czech public radio the Czech unit of Chinese telecoms giant secretly collected personal data of customers, officials, and business partners. The radio cited two former Huawei managers as […]
Security experts have discovered a critical remote code execution flaw in Palo Alto Networks GlobalProtect product, the flaw was quickly addressed. Last week, researchers Orange Tsai and Meh Chang published technical details of a critical remote code execution vulnerability that affects Palo Alto Networks’s GlobalProtect. The vulnerability, tracked as CVE-2019-1579, affects the GlobalProtect portal and […]
The Wall Street Journal revealed that Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. According to The Wall Street Journal, Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach. The security breach suffered by Equifax in 2017 exposed […]
BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. Experts at cybersecurity firm Skylight announced last week that they have devised a method to bypass BlackBerry Cylance’s AI-based antivirus engine, now the company addressed the issue with an update and attempted to downplay the impact of the issue. […]
The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, and HelixKitten. Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge […]
Bad news for citizens of Kazakhstan, the government is beginning to intercept all the encrypted traffic, and to do it, it is forcing them to install a certificate. The Kazakhstan government is beginning to intercept all the encrypted traffic and to do it is forcing users in the country to install a certificate. The Kazakhstan […]