255
A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers.

Electron is an open source app development framework that powers thousands of widely-used desktop applications including WhatsApp, Skype, Signal, Wordpress, Slack, GitHub Desktop, Atom, Visual Studio


255
With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was actually scheduled for tomorrow.

PGP and S/MIME are popular end-to-end encryption standards used to encrypt emails in a way that no one, not


255
Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software.

A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC.

Out of 47, Adobe Acrobat and Reader affect with 24 critical vulnerabilities—


254
Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels.

However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using


250
For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability.

Discovered Monday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing remote attackers to inject malicious


254
A Google security researcher has discovered a critical remote command injection vulnerability in the DHCP client implementation of Red Hat Linux and its derivatives like Fedora operating system.

The vulnerability, tracked as CVE-2018-1111, could allow attackers to execute arbitrary commands with root privileges on targeted systems.

Whenever your system joins a network, it’s the DHCP client


252
After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works.

As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code injection vulnerability discovered and reported by a team of white-hat hackers from Argentina.
<!


253
Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware.

Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users


252
Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction.

Discovered by Alfredo Ortega, a software security consultant from Argentina, the vulnerability was


253
Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly.

Precisely, it's your device manufacturer (Android OEMs) actually who takes time to roll out security patches for your devices and sometimes, even has been caught lying about security updates, telling customers that their


252
Well, that did not take long.

Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices.

Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of


252
It turns out that macOS client for the popular end-to-end encrypted messaging app Signal fails to properly delete disappearing (self-destructing) messages  from the recipient's system, leaving the content of your sensitive messages at risk of getting exposed.

For those unaware, the disappearing messages in Signal self-destruct after a particular duration set by the sender, leaving no trace of


253
Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks.

Dubbed Safe Links, the feature has been included in Office 365 software as part of Microsoft's Advanced Threat Protection (ATP) solution that works by replacing


253
Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.

The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS


253
Twitter is urging all of its 330 million users to change their passwords after a software glitch unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.

The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.
<!-- adsense -->
According to Twitter CTO Parag Agrawal, Twitter hashes


255
A team of security researchers has reportedly discovered a total of eight new "Spectre-class" vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well.

Dubbed Spectre-Next Generation, or Spectre-NG, the partial details of the vulnerabilities were first leaked to journalists at German computer magazine Heise,


254
For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.

Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones.


252
Happy 'World Password Day'!

Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that:


Your password must—be long
Your password must—be unpredictable
Your password must—have at least one number
Your password must—not have any dictionary word
Your password must—have upper and lowercase letters
Your


251
Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, including Dating on Facebook, letting users clear their web browsing history, real-time language translation within Messenger, and many more.

Besides announcing exciting features for its social media platform, Facebook CEO Mark Zuckerberg also gave us a quick look at the features Facebook introduced


250
If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought.

Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts’


255
"Alexa, are you spying on me?" — aaaa.....mmmm.....hmmm.....maybe!!!

Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.

Amazon Echo is an always-listening voice-activated smart home speaker that allows you to get things done by using your voice, like playing music, setting


253
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server.

However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a


1

Explains how to secure Memcached server to avoid DDoS (Distributed Denial of Service) amplification attacks based on Memcached on Linux or Unix-like system.


1

▂▃▅▇█▓▒░Anon(Ḧḭṽḕ)░▒▓█▇▅▃▂ ====================================================== Death of Heartprogress ====================================================...



 


1

In the current era of mass malware it's becoming increasingly rare to find something beyond the ‘usual suspects’ we see being spread by high-profile botnets on a regular basis. However, in amongst the digital haystack there exists the occasional needle: we recently came across a sample apparently disguised as a LogMeIn service pack which generated notable amounts of 'unusual' DNS requests. Deeper investigation revealed something of a flawed gem, ultimately designed to steal magnetic stripe payment card data: a hallmark of ATM/PoS malware.


1

An unpatched application-level denial of service (DoS) vulnerability in WordPress websites could help hackers take down nearly any WordPress website


1

Security researchers have discovered more than 130 malware samples trying to exploit Spectre and Meltdown chip flaws.


1

On Tuesday, News said a bug lets any software gain entrance to parts of a computer’s memory that are set out to preserve things like passwords. All machines with Intel chips from the past 10 years appear to be touched, the report said, and updates to Microsoft Corp.’s Windows and Mac OS will be required. The security updates may slow down older device by as much as 30 percent, according to News.


1

Discovered by UpGuard defense researcher Chris Vickery, the databases were entitled “CENTCOM-backup,” “CENTCOM-archive,” and “pacom-archive.”



Based on their titles, it was obvious the databases related to US Central Command (CENTCOM) and US Pacific Command (PACOM), two of the DOD’s combatant command operations.



According to the researcher, the data received from the databases did not include any sensible details. Instead, the databases were constructed by scraping the Internet for publicly available social media posts, forum post

Read More
s, blogs, news comments, and similar postings.


1

National Security Agency or the NSA as we know it is America’s most influential intelligence agency. Previously fairly anonymous to masses; the agency came in the news when one of its ex-contractors Edward Snowden started releasing highly sensitive data exposing how the NSA secretly

Read More
spied on millions of people around the world and stored data on unsuspecting populous.


1

A group of Muslim hacktivists from Ahlus Sunnah Wal Jamaah, the Sunni sect of Islam and going by the online handle of Di5s3nSi0N hacked the official website of ISIS/ISIL (Daesh) and leaked a list of more than 2000 people who had subscribed to the site’s newsletter and updates through email.


What is Plikli?

Plikli is an open source content management system that lets you easily create your own user-powered website.

BMC logoBuy me a coffee
Latest Comments
Statistics