A serious security flaw has been discovered in the Marvell 88W8897A Wi-Fi chip, which is included in a number of mainstream devices. Security firm Embedi discovered a number of vulnerabilities in the chip’s firmware, and drew attention to the most serious flaw which allows devices to be compromised without any interaction from […]
Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that […]
France watchdog fines Google with $57 million under the EU GDPR
The French data protection watchdog CNIL announced a fine of 50 million euros ($57 million) for US search giant Google under GDPR. On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection […]
A flaw in MySQL could allow rogue servers to steal files from clients
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a […]
Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack
Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow […]
Collection #1 dump, 773 million emails, 21 million passwords
The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a […]
Attacks in the wild leverage flaw in ThinkPHP Framework
Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert […]
Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6
Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is […]
Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide
Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles. Israeli network security researcher Noam Rotem discovered the […]
Hackers infect e-commerce sites by compromising their advertising partner
Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as « Magecart Group 12, » recently successfully compromised nearly 277 e-commerce websites by using […]