-
New Black Basta decryptor exploits ransomware flaw to recover files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.
- December 30, 2023
- 10:14 AM
0
-
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
- September 30, 2023
- 10:16 AM
5
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
GitLab urges users to install security updates for critical pipeline flaw
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
- September 19, 2023
- 01:06 PM
- 0
-
WordPress migration add-on flaw could lead to data breaches
All-in-One WP Migration, a popular data migration plugin for WordPress sites that has 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information.
- August 30, 2023
- 02:37 PM
- 0
-
Norwegian government IT systems hacked using zero-day flaw
The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software.
- July 24, 2023
- 11:14 AM
- 0
-
Cisco SD-WAN vManage impacted by unauthenticated REST API access
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance.
- July 13, 2023
- 05:53 PM
- 0
-
MITRE releases new list of top 25 most dangerous software bugs
MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.
- June 29, 2023
- 12:28 PM
- 0
-
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account.
- June 20, 2023
- 12:38 PM
- 0
-
SAP releases security updates for two critical-severity flaws
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform.
- April 11, 2023
- 04:54 PM
- 0
-
Clop ransomware flaw allowed Linux victims to recover files for months
The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months.
- February 07, 2023
- 06:00 AM
- 1
-
Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks
A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks.
- November 23, 2022
- 10:59 AM
- 0
-
MITRE shares this year's list of most dangerous software bugs
MITRE shared this year's top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years.
- June 28, 2022
- 12:29 PM
- 1
-
UK govt releasing Nmap scripts to find unpatched vulnerabilities
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.
- January 25, 2022
- 01:45 PM
- 1
-
Microsoft Azure App Service flaw exposed customer source code
A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code for at least four years, since 2017.
- December 22, 2021
- 02:15 PM
- 0
-
Garrett walk-through metal detectors can be remotely manipulated
Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.
- December 21, 2021
- 10:23 AM
- 2
-
MITRE shares list of most dangerous hardware weaknesses
MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year.
- November 02, 2021
- 08:27 AM
- 0
-
Microsoft WPBT flaw lets hackers install rootkits on Windows devices
Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.
- September 25, 2021
- 11:16 AM
- 2
-
MITRE updates list of top 25 most dangerous software bugs
MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years.
- July 22, 2021
- 09:35 AM
- 1
-
Avaddon ransomware fixes flaw allowing free decryption
The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor.
- February 11, 2021
- 06:30 PM
- 3
-
Facebook Messenger bug allowed Android users to spy on each other
Facebook fixed a critical flaw in the Facebook Messenger for Android messaging app that allowed callers to listen to other users' surroundings without permission before the person on the other end picked up the call.
- November 19, 2020
- 02:59 PM
- 0
- 1
- 2
