Assume your Drupal 7 site has been compromised
Administrators of sites that run Drupal 7, and have not yet updated to version 7.32 or have done so later than 7 hours after the public revelation of the highly critical SQL …
Attackers bypass Sandworm patch with new 0-day
The Sandworm vulnerability has been patched, but unfortunately attackers have discovered a way to bypass the patch and continue with their targeted attacks. “As with …
Two exploit kits prey on Flash Player flaw patched only last week
Two exploit kits have been outfitted with the exploit for a Flash Player vulnerability that has been patched only a week ago, the researcher that goes by the handle Kafeine …
Windows 0-day exploited in ongoing attacks, temporary workarounds offered
Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations …
Malicious YouTube ads lead to exploits, ransomware
In the last few months, Trend Micro researchers have been following a malvertising campaign that ended up affecting almost exclusively US users at the beat of more than …
Bash “Shellshock” bug: Who needs to worry?
As expected, attackers have begun exploiting the GNU Bash “Shellshock” remote code execution bug (CVE-2014-6271) to compromise systems and infect them with …
Malvertising attack techniques dissected
At Virus Bulletin 2014, Bromium presented a research report that highlights the severe risk of malicious ad networks infecting end users. This research provides a real-world …
Critical Bash bug opens Unix, Linux, OS X systems to attacks
The Bash “shellshock” flaw (CVE-2014-6271) was discovered last week by Unix/Linux specialist Stephane Chazelas, and its existence was made public on Wednesday. It …
Critical Android Browser bug threatens users’ privacy
Earlier this month, security researcher Rafay Baloch has released a proof-of-concept exploit that takes advantage of a vulnerability in an Android Browser’s security …
Researcher creates exploit for compromising scammers’ computers
Even if you never had to deal personally with “Windows support” scammers, chances are someone you know did or you have heard about these type of scams. These …
Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular online website offering free …
Heartbleed still a critical threat
Cyber attackers have been quick to exploit the Hearbleed OpenSSL bug, to the tune of hundreds of thousand attacks per day in the week after the public revelation of its …
Featured news
Sponsored
Don't miss
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
- Is an open-source AI vulnerability next?
- OWASP dep-scan: Open-source security and risk audit tool
- Ebury botnet compromises 400,000+ Linux servers