New problems for Facebook, the social network giant announced that a bug related to Photo API could have allowed third-party apps to access usersâ photos. Facebook announced that photos of 6.8 Million users might have been exposed by a bug in the Photo API allowing third-party apps to access them.  The bug impacted up over 870 […]
This week, the WordPress development team released on Thursday the version 5.0.1 of the popular CMS, that addresses several flaws. The Researcher Tim Coen discovered several cross-site scripting (XSS) vulnerabilities in the CMS. One of the flaws is caused by the ability of contributors to edit new comments from users with higher privileges. Coen also discovered that it […]
Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by Russia-Linked APT group Sofacy. Russian Cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium)) carried out a new cyber campaign aimed at government agencies in four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […]
The French foreign ministry announced today that its travel alert registry website had been hacked and personal data of citizens “could be misused”. The French foreign ministry confirmed tha hackers breached into the Ariane system, its travel alert registry website, and personal data of citizens “could be misused”. The Ariane system provides security alerts to registered […]
McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in […]
InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers for 120 million Brazilian taxpayers In March 2018, security experts at InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers, or Cadastro de Pessoas FĂsicas (CPFs), for 120 million Brazilian nationals. It is not clear how long data remained exposed online or who accessed them. […]
A new variant of the Shamoon malware, aka DistTrack, was uploaded to VirusTotal from Italy this week, but experts havenât linked it to a specific attack yet. Shamoon was first observed in 2012 when it infected and wiped more than 30,000 systems at Saudi Aramco and other oil companies in the Middle East. Four years later, a […]
Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week.  Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors. The attack has […]
Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors. Microsoftâs Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. The flaw, tracked as CVE-2018-8611, is as a privilege escalation flaw caused by the failure of […]
Security experts at Trend Micro have discovered a new exploit kit, dubbed Novidade (ânoveltyâ in Portuguese), that is targeting SOHO routers to compromise the devices connected to the network equipment. The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected […]