CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild

Drupalgeddon continues, as one more remote code execution bug has been discovered in the content management system. Identified as CVE-2018-7602, the highly critical vulnerability affects Drupal versions 7.x and 8.x. Affected users should immediately upgrade to Drupal v7.59 and 8.5.3. The... The post CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild appeared first on How to, Technology and PC Security Forum | SensorsTechForum.com.

Police Shut Down Largest DDoS-for-Hire Marketplace

A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK. Known as webstresser.org, the marketplace had 136,000 registered users and was responsible for around 4 million attacks to date, according to..

Cyber Scorecarding Services

Ample evidence exists to underline that shortcomings in a third party's cyber security posture can have an extremely negative effect on the security integrity of the businesses they connect or partner with. Consequently, there’s been a continuous and frustrated desire for a couple of decades for some kind of independent verification or scorecard mechanism that can help primary organizations validate and quantify the overall security posture of the businesses they must electronically engage with. A couple of decades ago organizations could host a small clickable logo on their websites – often depicting a tick or permutation of a “trusted” logo – that...

Get Ready for Another Critical Drupal Patch Related to Drupalgeddon2

Developers of the popular Drupal content management system plan to release a critical out-of-band patch April 25 that’s related to the actively exploited Drupalgeddon2 vulnerability fixed late last month. “There will be a security release of Drupal 7.x, 8.4.x, and 8.5.x on April 25th, 2018 between 16:00 – 18:00 UTC,” the Drupal developers said in..

Internet Explorer Zero-Day Exploit Reportedly Exploited in Targeted Attacks

Researchers from Chinese internet security firm Qihoo 360 have uncovered a sophisticated targeted attack which, according to them, exploits an unpatched vulnerability in Microsoft’s Internet Explorer browser. The company made the announcement in a short Twitter message and said that it shared technical details about the flaw with Microsoft. A bit more information about the..

Security Boulevard’s 5 Most Read Stories for the Week, April 16-20

A new week, a new crop of security stories. Last week, sophisticated attackers, desktop security, healthcare data breaches and data security in GDPR made headlines, and Multi-Factor Authentication featured in our latest cartoon series, called “Shimmytoons.” Missed out on any of the news? Here are the five most-read stories on Security Boulevard to help you out.

Oracle Fixes Critical Vulnerabilities in Business Applications

Oracle has released a new quarterly critical patch update (CPU) for its product portfolio, fixing 254 vulnerabilities across 20 product families. More than two-thirds of those flaws are located in business-critical applications and 42 are rated critical. According to security firm Onapsis, the business applications with critical vulnerabilities include Communications Applications, Financial Services, Fusion Middleware,..

Autofill with LinkedIn Bug Could Lead to User Data Harvesting

A critical security bug has been discovered in LinkedIn, more specifically in a social button. The exploit of the bug could have led to harvesting of LinkedIn users’ information, including information that wasn’t public. The discovery was made by Jack... The post Autofill with LinkedIn Bug Could Lead to User Data Harvesting appeared first on How to, Technology and PC Security Forum | SensorsTechForum.com.

Widely Used WebEx Clients Have Critical Vulnerability

Cisco Systems has released security updates for the software clients installed by users who attend WebEx-based meetings to fix a critical vulnerability that could allow remote attackers to compromise their computers. “An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client,” Cisco..