Google releases patches for two high-level security vulnerabilities in Chrome, one of which is still being exploited in the wild

Last week, Google notified its users that the ‘stable channel’ desktop Chrome browser is being updated to version 78.0.3904.87 for Windows, Mac, and Linux and will be rolled out in the coming weeks. This comes after some external researcher…

Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack

Two days ago, Intel disclosed a vulnerability in its line of microprocessors, released in 2011, with Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA) technologies. The vulnerability was found by a group of researchers from t…

Understanding security features in the Google Cloud Platform (GCP)

Google’s long experience and success in protecting itself against cyberattacks plays to our advantage as customers of the Google Cloud Platform (GCP). From years of warding off security threats, Google is well aware of the security implications …

RubyGems strong_password v0.0.7 hijacked; infected thread and attacker account isolated for now

Last week, a developer, Tute Costa, notified Ruby users that the strong_password v0.0.7 rubygem has been hijacked. The malicious actor published v0.0.7 containing the malicious code, which enabled the attacker to execute remote code in production. As of …

Cloud Hopper: The Chinese group that hacked eight major U.S. computer service firms to boost economic interests, Reuters reports

A recent report by Reuters has revealed that a global hacking group known as Cloud Hopper, working for China’s Ministry of State Security, broke into the networks of eight of the world’s biggest technology service providers, in order to steal c…

All Docker versions are now vulnerable to a symlink race attack

Yesterday, Aleksa Sarai, Senior Software Engineer at SUSE Linux GmbH, notified users that ‘docker cp’ is vulnerable to symlink-exchange race attacks. This attack makes all Docker versions vulnerable. This attack can be seen as a con…

SENSORID attack: Calibration fingerprinting that can easily trace your iOS and Android phones, study reveals

A new study by researchers at Cambridge University’s Computer Laboratory has revealed that an attack called calibration fingerprinting, or SENSORID, allows iOS and Android devices to be tracked across the internet. The researchers stated that this…

Approx. 250 public network users affected during Stack Overflow’s security attack

In a security update released on May 16, Stack Overflow confirmed that “some level of their production access was gained on May 11”. In a recent “Update to Security Incident” post, Stack Overflow provides further details of the s…