Collaborate Disseminate
Facebook has awarded US $40,000 to a security researcher who achieved remote code execution on its servers by exploiting a widely-publicised vulnerability.
David Bisson reports.
Continue reading Remote code execution vulnerability affecting Facebook’s servers earns researcher $40,000
“Fur Affinity” pushed a password reset after its source code was shared by hackers. Continue reading Another Day, Another Hack: Furry Site Hacked, Content Deleted
Nulled.IO, an underground forum that helped enable users to share stolen credentials and software cracks was hacked earlier this month, spilling a glut of information on its users. Continue reading Info on 500K Users Doxxed in Hacking Forum Dump
Listen to the latest episode of our regular security podcast! Continue reading 3 months, 3 Flash zero-days [Chet Chat Podcast 240]
It’s been a week since the existence of several flaws affecting popular image processing library ImageMagick have been made public. At the time, one of these, a remote code execution vulnerability (CVE-2016–3714) that is easy to trigger was already exploited in attacks in the wild. The bug has been patched in ImageMagick versions 7.0.1-2 and 6.9.4-0 that were pushed out on Friday, but according to Sucuri Security and CloudFlare, attackers still hope not all web … More → Continue reading Attackers keep flinging assorted ImageMagick 0day exploits
WordPress has issued a security release, patching a SOME vulnerability in Plupload, and a reflected cross-site scripting bug in MediaElement.js. Continue reading WordPress Patches SOME, XSS Flaws in Version 4.5.2
Vulnerability in ImageMagick allows attackers to execute malicious code. Continue reading Exploits gone wild: Hackers target critical image-processing bug
ImageMagick does not properly validate user input before processing it using a delegate,which may lead to arbitrary code execution. This issue is also known as"ImageTragick". Continue reading VU#250519: ImageMagick does not properly validate input before processing images using a delegate
So another vulnerability with a name and a logo – ImageTragick? At least this time it’s pretty dangerous, a bunch of ImageMagick Zero-Day vulnerabilities have been announced including one that can leave you susceptible to remote code execution. It’s pretty widely used software too and very public, if you use an app online that lets […]
The…
Read the full post at darknet.org.uk
Continue reading Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?
Attack code exploiting critical ImageMagick vulnerability expected within hours. Continue reading Huge number of sites imperiled by critical image-processing vulnerability [Updated]