Collaborate Disseminate
A security firm claims that AMD’s Ryzen and Epyc processors used in laptops, desktops, workstations and servers have 13 critical security holes that could allow attackers to install undetectable malware or steal sensitive data from protected mem… Continue reading Security Firm Claims AMD Chips Have Critical Vulnerabilities
Security researchers have discovered a new malware framework that’s used for cyberespionage and is delivered to computers through hacked MikroTik routers. Dubbed Slingshot, the malware has a modular architecture and is on par with state-sponsore… Continue reading Attackers Infect Computers with Cyberespionage Malware via Hacked Routers
Security researchers have come across a new cryptojacking worm that infects Redis and Windows servers with cryptomining malware. The attack, which has been dubbed RedisWannaMine by researchers from security firm Imperva, scans for misconfigured Redis d… Continue reading Worm Infects Redis, Windows Servers with Cryptomining Malware
A serious vulnerability in the widely used Exim software could expose hundreds of thousands of email servers to hacking if left unpatched, researchers warn. The flaw, tracked as CVE-2018-6789, was fixed in Exim version 4.90.1 released Feb. 10, but deta… Continue reading Exim Flaw Puts Hundreds of Thousands of Email Servers at Risk
Researchers have developed new techniques inspired by the recent Spectre CPU vulnerability to completely compromise the confidentiality of hardware-based secure enclaves created with Intel’s Software Guard eXtensions (SGX). SGX is a feature prese… Continue reading Spectre-Inspired Attacks Can Steal Data from Intel SGX Enclaves
Microsoft has made available updates for Windows 10 that include Intel CPU microcode patches for the Spectre vulnerability. This allows users to get the fixes even if their computer manufacturers haven’t released BIOS/UEFI updates for their syste… Continue reading Microsoft Starts Delivering Intel Microcode Patches for Spectre
In what might be the largest ever recorded distributed denial-of-service (DDoS) attack, GitHub was hit this week with more than 1TB of malicious traffic per second generated by hijacked Memcached servers. DDoS mitigation providers had warned recently t… Continue reading GitHub Hit by Record DDoS Attack Through Exposed Memcached Servers
Some single sign-on (SSO) systems that use SAML are vulnerable to a newly discovered attack that can allow hackers to authenticate as other users without knowing their passwords. SSO systems allow users to authenticate to various services using a singl… Continue reading Some SSO Systems Vulnerable to Authentication Bypass
A vulnerability that was recently patched in Flash Player after being used in targeted attacks is now seeing widespread exploitation in a malicious spam campaign. The flaw was first identified in late January by security researchers who saw it used in … Continue reading Recent Flash Zero-Day Flaw Now Exploited in Widespread Attacks
An update for the popular Npm package manager used by many developers for JavaScript-based projects crashed Linux systems after changing the permissions for critical directories. Linux users who installed npm 5.7.0 released Feb. 21 quickly took to Twit… Continue reading Npm Update Crashes Linux Systems