Police Shut Down Largest DDoS-for-Hire Marketplace

A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK. Known as webstresser.org, the marketplace had 136,000 registered users and was responsible for around 4 million attacks to date, according to..
Read more

Get Ready for Another Critical Drupal Patch Related to Drupalgeddon2

Developers of the popular Drupal content management system plan to release a critical out-of-band patch April 25 that’s related to the actively exploited Drupalgeddon2 vulnerability fixed late last month. “There will be a security release of Drupal 7.x, 8.4.x, and 8.5.x on April 25th, 2018 between 16:00 – 18:00 UTC,” the Drupal developers said in..
Read more

Internet Explorer Zero-Day Exploit Reportedly Exploited in Targeted Attacks

Researchers from Chinese internet security firm Qihoo 360 have uncovered a sophisticated targeted attack which, according to them, exploits an unpatched vulnerability in Microsoft’s Internet Explorer browser. The company made the announcement in a short Twitter message and said that it shared technical details about the flaw with Microsoft. A bit more information about the..
Read more

Oracle Fixes Critical Vulnerabilities in Business Applications

Oracle has released a new quarterly critical patch update (CPU) for its product portfolio, fixing 254 vulnerabilities across 20 product families. More than two-thirds of those flaws are located in business-critical applications and 42 are rated critical. According to security firm Onapsis, the business applications with critical vulnerabilities include Communications Applications, Financial Services, Fusion Middleware,..
Read more

Widely Used WebEx Clients Have Critical Vulnerability

Cisco Systems has released security updates for the software clients installed by users who attend WebEx-based meetings to fix a critical vulnerability that could allow remote attackers to compromise their computers. “An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client,” Cisco..
Read more

Mobile Surveillance Malware Found on Google Play

Researchers have found sophisticated Android mobile surveillance programs created by cyberespionage groups on Google’s official Play store. Such malware is generally distributed in targeted attacks by tricking victims into downloading and installing trojanized apps from third-party sources, but the ability of attackers to host them on Google Play makes them much more dangerous. Multiple malicious..
Read more

Hackers Exploit Drupal Vulnerability to Install Cryptocurrency Miners

A highly critical vulnerability patched in the popular Drupal content management system two weeks ago is seeing a wave of exploits, some of which install cryptocurrency mining malware on servers. The vulnerability tracked as CVE-2018-7600 but also dubbed Drupalgeddon2, affects all versions of Drupal since version 6.x and was patched in late March. Due to..
Read more

Many Android Devices Miss Patches But Are Still Hard to Hack

New research shows that many Android devices are missing some security patches despite displaying patch levels that should include them. That said, implementing remote code execution attacks that can compromise Android devices without user interaction is very difficult, which is why cybercriminals continue to prefer social engineering over technical exploitation, researchers found. Researchers from Berlin-based..
Read more

Microsoft Fixes 66 Vulnerabilities Across Its Products

Microsoft’s April security updates include fixes for 66 vulnerabilities in Windows components, the Edge and Internet Explorer browsers, the Office suite, the Hyper-V hypervisor, Visual Studio and even a wireless keyboard. Of the 66 flaws, 22 are rated critical. “The majority of the Microsoft critical vulnerabilities are in browsers and browser-related technologies,” said Jimmy Graham,..
Read more

New Document Attack Exploits Design Behavior Rather than Macros

Malicious Microsoft Word documents sent via email are a hacker favorite when it comes to infecting computers, but researchers have recently observed an attack campaign that uses first-stage docs without any active malicious code. Instead of using macros or other embedded shellcode that might get blocked by Word’s security settings and which would require tricking..
Read more
Page 1 of 1412345...10...Last »