exploit

Spoofed IRS notice delivers RAT through link updating trick

September 22, 2017

The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails …

Easily exploitable Apache Struts vulnerability opens businesses to attack

September 6, 2017

A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …

Attackers turn to auto-updating links instead of macros to deliver malware

August 18, 2017

SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …

Researchers pull off DNA-based malicious code injection attack

August 11, 2017

Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a …

Attackers are taking over NAS devices via SambaCry flaw

July 18, 2017

A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro …

Stack Clash bug could give root privileges to attackers on Unix, Linux systems

June 20, 2017

Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to …

How the CIA hacked wireless home routers

June 16, 2017

For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through …

Joomla users: Update immediately to kill severe SQLi vulnerability

May 18, 2017

Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found. As explained by researcher …

Are you ready for a second wave of WannaCry ransomware?

May 14, 2017

WannaCry is a name that made many cry in frustration this weekend, and the danger is still not over. The first onslaught According to Europol director Rob Wainwright, over …

Cisco patches leaked 0-day in 300+ of its switches

May 10, 2017

Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been …

Defeating Magento security mechanisms: Attacks used in the real world

May 9, 2017

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in …

WordPress admins, take note: RCE and password reset vulnerabilities revealed

May 4, 2017

Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …