exploit Archives - Page 9 of 40

exploit

Easily exploitable Apache Struts vulnerability opens businesses to attack

September 6, 2017

A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …

Attackers turn to auto-updating links instead of macros to deliver malware

August 18, 2017

SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …

Researchers pull off DNA-based malicious code injection attack

August 11, 2017

Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a …

Attackers are taking over NAS devices via SambaCry flaw

July 18, 2017

A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro …

Stack Clash bug could give root privileges to attackers on Unix, Linux systems

June 20, 2017

Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to …

How the CIA hacked wireless home routers

June 16, 2017

For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through …

Joomla users: Update immediately to kill severe SQLi vulnerability

May 18, 2017

Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found. As explained by researcher …

Are you ready for a second wave of WannaCry ransomware?

May 14, 2017

WannaCry is a name that made many cry in frustration this weekend, and the danger is still not over. The first onslaught According to Europol director Rob Wainwright, over …

Cisco patches leaked 0-day in 300+ of its switches

May 10, 2017

Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been …

Defeating Magento security mechanisms: Attacks used in the real world

May 9, 2017

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in …

WordPress admins, take note: RCE and password reset vulnerabilities revealed

May 4, 2017

Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …

Attackers exploited SS7 flaws to empty Germans’ bank accounts

May 4, 2017

Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their …

exploit

Easily exploitable Apache Struts vulnerability opens businesses to attack

Attackers turn to auto-updating links instead of macros to deliver malware

Researchers pull off DNA-based malicious code injection attack

Attackers are taking over NAS devices via SambaCry flaw

Stack Clash bug could give root privileges to attackers on Unix, Linux systems

How the CIA hacked wireless home routers

Joomla users: Update immediately to kill severe SQLi vulnerability

Are you ready for a second wave of WannaCry ransomware?

Cisco patches leaked 0-day in 300+ of its switches

Defeating Magento security mechanisms: Attacks used in the real world

WordPress admins, take note: RCE and password reset vulnerabilities revealed

Attackers exploited SS7 flaws to empty Germans’ bank accounts

Don't miss

Why enterprises need rugged devices with integrated endpoint management systems

Five factors driving investment in IDV

CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses

2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?

Third-party risk management programs still largely a checkbox exercise