Exploit for Windows DoS zero-day published, patch out on Tuesday?
A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. The bug It is a memory …
Cisco WebEx extension opens Chrome users to drive-by malware attacks
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website. The vulnerability, …
Shadow Brokers say goodbye, leak a batch of Windows hacking tools
The Shadow Brokers, a group (?) of hackers that has made a big splash in August last year by leaking and offering for sale exploits supposedly stolen from the infamous …
Nagios Core 4.2.4 closes serious root privilege escalation bug
If you’re using Nagios Core to monitor your systems, networks and infrastructure, and you have not updated to version 4.2.4, you better hop to it. This latest release …
Netgear pushes out beta firmware for vulnerable router models
Netgear has confirmed that eight of its router models are vulnerable to device hijacking due to a vulnerability that can be easily exploited by remote, unauthenticated …
Critical flaw opens Netgear routers to hijacking
Several Netgear router models can be easily hijacked by remote, unauthenticated attackers, CERT/CC has warned on Friday. The vulnerability that allows this takeover can be …
Actively exploited Firefox, Tor Browser 0-day patched, update now!
Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users. It is still …
Firefox 0-day exploited in the wild to unmask Tor users
An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser …
Researchers identify domain-level service credential exploit
CyberArk Labs unveiled new research detailing what it considers to be a significant risk across all Windows endpoints, including those on Windows 10 with Credential Guard …
Critical Linux bug opens systems to compromise
Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers – both local and remote – to obtain root shell on …
Pawn Storm raced to pop many targets before Windows zero-day patch release
As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking …
OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts
Incorrect OAuth2.0 implementation by third party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of …