Apple has released an emergency patch in iOS 12.4.1 that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak. Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices. Experts discovered that the iOS version 12.4 released in June has reintroduced a security […]
The Binance cryptocurrency exchange revealed that leaked users’ KYC data were obtained by hackers from a third-party vendor. In July, the hack of the Binance cryptocurrency exchange made the headlines, hackers stole $41 million worth of Bitcoin (over 7,000 bitcoins) from Binance. Binance is one of the world’s largest cryptocurrency exchanges, its founder and CEO Changpeng Zhao confirmed that the hackers […]
The popular hosting provider Hostinger disclosed a recent security breach that allowed unauthorized access to a client database. Hostinger, one of the biggest hosting providers, disclosed a recent security breach that allowed attackers to access a client database. The security breach took place on August 23 and may have impacted up to 14 million Hostinger […]
BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit the CVE-2018-13379 in the FortiOS […]
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! At least 23 Texas local governments […]
DOJ charged 80 people, most of them Nigerian nationals, with participating in massive BEC and romance scams that collected millions of dollars. Federal authorities arrested 80 people accused of participating in massive BEC and romance scams that raked in millions of dollars from victims worldwide. The suspected fraudsters, many of whom are Nigerian nationals, prosecutors say, who […]
The Internal Revenue Service (IRS) is warning of an active IRS impersonation scam campaign sending spam emails to distribute malware. The Internal Revenue Service (IRS) issued an alert to warn taxpayers of a new scam campaign distributing malware. Last week the US agency received several reports from taxpayers who received spam messages with “Automatic Income […]
Researchers at Wordfence reported an ongoing hacking campaign exploiting security flaws in some WordPress plugins. Researchers from Wordfence uncovered an ongoing hacking campaign exploiting security vulnerabilities in some WordPress plugins to redirect visitors to websites under the control of the attackers. The campaign specifically targeted flaws in WordPress plugins developed by the developer NicDark (now […]
Cisco has released a hardware tool, called 4CAN, developed to help researchers to discover vulnerabilities in automotive systems. Computer systems in modern vehicles are very complex, they contain a huge quantity of devices and units that exchange a lot of data in real-time. These components communicate via the vehicle’s network, dubbed Controller Area Network (CAN). […]
Some versions of the Squid web proxy cache server built with Basic Authentication features are affected by a heap buffer overflow vulnerability. The heap buffer overflow security flaw, tracked as CVE-2019-12527, could be exploited by attackers to trigger a DoS condition and also to execute arbitrary code on the vulnerable servers. The flaw received a high severity CVSS […]