Collaborate Disseminate
The Drupal Project has released patches for a highly critical vulnerability that affects all supported versions of the popular CMS, is very easy to exploit and can lead to a complete compromise of affected websites. The vulnerability, which the Drupal… Continue reading Drupal Websites at Risk Due to Highly Critical Vulnerability
Microsoft’s January and February patches for the Meltdown vulnerability introduced an even more dangerous flaw that left Windows 7 and Server 2008 R2 systems vulnerable to complete compromise. The bug is somewhat ironic because it gives user-mod… Continue reading Meltdown Patches Left Windows 7, Server 2008 Systems Even More Vulnerable
The Spanish National Police has arrested the suspected leader of a cybercriminal gang that stole more than €1 billion from financial institutions in more than 40 countries. The gang has been operating since 2013 and has hit more than 100 financial in… Continue reading Spanish Authorities Arrest Leader of Cybercriminal Gang Behind €1 Billion Heist
The U.S. Department of Justice (DoJ) has indicted nine Iranian nationals with cyberespionage for cyberattacks that resulted in the theft of more than 30TB of data from domestic and foreign universities, commercial companies and government institutions… Continue reading U.S. Charges 9 Iranians with Data Theft in Cyberespionage Campaign
After publicly exposed MongoDB databases, Amazon AWS S3 buckets and Redis instances, researchers now warn that a considerable number of etcd servers are also publicly accessible and contain sensitive credentials that could provide access to additional… Continue reading Over 2K Publicly Accessible Etcd Servers Leak Sensitive Credentials
Chip maker AMD has confirmed the validity of flaws that a security firm recently claimed to have found in its processors and plans to release firmware patches in the coming weeks. A small security firm based in Israel called CTS Labs published a contr… Continue reading AMD Confirms Chip Flaws, Promises Fixes Soon
Expedia-owned travel fare aggregator Orbitz.com discovered that one of its platforms was compromised last year and hackers might have accessed the payment cards details and personal information of about 880,000 customers. The company discovered this m… Continue reading Orbitz Suffers Data Breach Impacting 880K Customers
Security researchers have come across an attack against PostgreSQL servers that installs cryptominer malware that’s hidden in a picture of actress Scarlett Johansson. The unusual attack was captured in a honeypot by researchers from security fir… Continue reading Attackers Deliver Cryptominer to PostgreSQL Servers as Scarlett Johansson Pic
Microsoft has expanded its bug bounty programs to include monetary rewards for vulnerabilities that stem from speculative execution, a feature in modern processors that sits at the core of the Meltdown and Spectre vulnerabilities disclosed this year. … Continue reading Microsoft Offers $250K Bounty for Meltdown-Like Bugs in CPUs
Not-for-profit certificate authority Let’s Encrypt has started issuing wildcard HTTPS certificates for free, allowing organizations with a large number of web assets to significantly simplify their certificate management. Let’s Encrypt has… Continue reading Free HTTPS Wildcard Certificates Are Now Available