Information Stealer "Fareit" Abuses PowerShell

Thursday, April 28, 2016

Researchers at Trend Micro have spotted a new variant of the Fareit malware being delivered to victims using Windows PowerShell. Fareit, also known as Pony Loader, is an information stealer malware family that has been making rounds since 2011. It recently joined the long list of threats that abuse the Windows PowerShell task automation and configuration management framework in their...

More »

Apple: WARNING: Software update #031-51913 breaks Ethernet port on most Macs (BCM5701 driver)

Saturday, February 27, 2016

UPDATE FROM APPLE: ************************************************************** Apple has pulled this bad update. This update installed on any Mac today makes ethernet ports stop working!  DO NOT INSTALL!!! I suggest running softwareupdate --schedule off as root to disable updates until Apple fixes this. The update is: ...

More »

Botnet of Aethra Routers Used for Brute-Forcing WordPress Sites

Wednesday, December 23, 2015

Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites. This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range....

More »

Security updates available for Adobe Flash Player

Tuesday, November 10, 2015

Security updates available for Adobe Flash Player Release date:  November 10, 2015 Vulnerability identifier:  APSB15-28 Priority:  See table below CVE number : CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662,...

More »

Joomla 3.4.5 Released Fixing a Serious SQL Injection Vulnerability

Tuesday, October 27, 2015

The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the  com_contenthistory  module (included by default) that allows for a full take over of the vulnerable site. Being proactive in the protection of your site is of one of the most important aspects of...

More »

Security update available for Adobe Shockwave Player

Tuesday, October 27, 2015

Security update available for Adobe Shockwave Player Release date:  October 27, 2015 Vulnerability identifier:  APSB15-26 CVE number:  CVE-2015-7649 Platform:  Windows and Macintosh Summary Adobe has released a security update for Adobe Shockwave Player. This update addresses a  critical...

More »

Security advisory: Stored XSS in Jetpack

Thursday, October 1, 2015

Security Risk : Dangerous Exploitation Level : Easy/Remote DREAD Score : 8/10 Vulnerability : Stored XSS Patched Version :  3.7.1 Vulnerability Disclosure Timeline: September 10th, 2015 – Initial report to Automattic security team September 10th, 2015 – Automattic security team acks receipt of report, sets patch date for September 22nd September 28th,...

More »

Hijacked Wordpress websites infect visitors with malware

Monday, September 21, 2015

Thousands of websites that run the content management system WordPress have been hijacked by hackers to infect unsuspecting visitors with malware exploits. Although the entire campaign was initiated 15 days ago, its activity has increased tremendously in the past 2 days, as the number of websites being hijacked per day increased from 1000 to 6000. The purpose of hijacking these websites is...

More »

Cisco spots attackers hijacking its networking gear by modifying firmware

Friday, August 14, 2015

Cisco has issued an official warning about in-the-wild attacks that resulted in attackers gaining and potentially keeping administrative access to a Cisco IOS device indefinitely. "Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image,"...

More »

WordPress 4.2.4 Security and Maintenance Release

Tuesday, August 11, 2015

WordPress 4.2.4 is now available. This is a  security release  for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of...

More »

RSS View RSS Feed