Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C. Demchak and Yuval Shavitt revealed in a recent paper that over the past years, China Telecom has been misdirecting Internet traffic through China. China Telecom was a brand of the […]
The U.S. Cyber Command (USCYBERCOM) CNMF is sharing malware samples with the cybersecurity industry via VirusTotal intelligence service. The U.S. Cyber Command (USCYBERCOM) is providing unclassified malware samples to VirusTotal intelligence service with the intent of sharing them with cybersecurity industry. The USCYBERCOM’s Cyber National Mission Force (CNMF) is going to share the unclassified malware samples on […]
Security expert discovered a stored XSS flaw in the Evernote app for Windows that could be exploited to steal files and execute arbitrary commands. A security expert that goes online with the moniker @sebao has discovered a stored cross-site scripting (XSS) vulnerability in the Evernote application for Windows that could be exploited by an attacker to steal files and execute […]
The United States Air Force announced earlier this week that it has launched the third bug bounty program called Hack the Air Force 3.0. The United States Air Force launched earlier this week its third bug bounty program, called Hack the Air Force 3.0, in collaboration with HackerOne. “Thank you for your interest in participating in HackerOne’s U.S. […]
A critical Remote Code Execution vulnerability affects eCommerce website running on WordPress and using the WooCommerce plugin. A critical vulnerability affects eCommerce website running on WordPress and using the WooCommerce plugin. WooCommerce is one of the major eCommerce plugins for WordPress that allows operators to easily build e-stores based on the popular CMS, it accounts for more than 4 million installations with 35% […]
Security expert disclosed the details of a zero-day flaw affecting Oracle’s VirtualBox virtualization software without waiting for a patch from Oracle The security expert Sergey Zelenyuk has disclosed the details of a zero-day vulnerability affecting Oracle’s VirtualBox virtualization software that could be exploited by an attacker to make a guest-to-host escape. Zelenyuk publicly disclosed the vulnerability […]
HSBC Bank USA notified customers of a data breach that has happened between Oct 4 and Oct 14, unknown attackers were able to access their online accounts. HSBC Bank USA notified customers of a data breach that has happened between October 4 and October 14, unknown attackers were able to access online accounts of the financial institution. Exposed info […]
Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to […]
Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets. According to CryptoIns analysts, […]
The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. The flaws were discovered by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, the duo discovered that it is possible to bypass password-based authentication to access to […]