Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to […]
New Malware Takes Commands From Memes Posted On Twitter
New Malware Takes Commands From Memes Posted On Twitter Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled […]
phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!
phpMyAdmin Releases Critical Software Update — Patch Your Sites Now! Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the […]
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched […]
New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps
New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps Facebook’s latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its […]
WordPress version 5.0.1 addressed several vulnerabilities
This week, the WordPress development team released on Thursday the version 5.0.1 of the popular CMS, that addresses several flaws. The Researcher Tim Coen discovered several cross-site scripting (XSS) vulnerabilities in the CMS. One of the flaws is caused by the ability of contributors to edit new comments from users with higher […]
Which are the worst passwords for 2018?
Which are the worst passwords for 2018? Which are the worst passwords for 2018? SplashData report confirms that 123456 is the most used password for the 5th year in a row Bad habits are hard to die, 123456 is the most used password for the 5th year in a row followed by “password”. […]
Twitter fixed bug could have exposed Direct Messages to third-party apps
Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol. The expert discovered that some permissions such as that to access […]
Siemens addresses multiple critical flaws in SINUMERIK Controllers
Siemens addresses multiple critical flaws in SINUMERIK Controllers Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues. Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as “critical.” The list of vulnerabilities includes DoS, privilege escalation and code execution flaws. […]
M2M protocols can be abused to attack IoT and IIoT systems
Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to a study conducted by experts from Trend Micro and the Polytechnic University of Milan. attackers abuse M2M protocols to target IoT and IIoT devices. The experts […]