The vulnerability can lead to attackers grabbing data from website database or user sensitive information Feb 27, 2017 22:49 GMT · By Gabriela Vatu A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowing users to grab data from the… Continue reading Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin
Month: February 2017
Google Chrome 56's crypto tweak 'borked thousands of computers' using Bluecoat security
Flawed TLS 1.3 takes down Chromebooks, PCs 27 Feb 2017 at 22:04, Thomas Claburn The availability of Transport Layer Security protocol version 1.3 was supposed to make network encryption faster and more secure. TLS 1.3 dispenses with a number of… Continue reading Google Chrome 56's crypto tweak 'borked thousands of computers' using Bluecoat security
Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Recordings
February 27th 2017 By Lorenzo Franceschi-Bicchierai A company that sells “smart” teddy bears leaked 800,000 user account credentials—and then hackers locked it and held it for ransom. A company that sells internet-connected teddy bears that allow kids and their far-away parents to exchange… Continue reading Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Recordings
How Apple Is Pushing Users to Beef Up Security
27th February 2017 By Don Reisinger Apple is pushing users to think seriously about identity security with a new beta version of its mobile operating system. The tech giant is suggesting customers using a test version of its mobile operating system iOS enable two-factor authentication—a security feature that requires both a password and… Continue reading How Apple Is Pushing Users to Beef Up Security
The latest ransomware threat: Doxware
Like ransomware, doxware encrypts files, but also involves purloining copies By Rishi Bhargava, Co-founder and VP Marketing, Demisto Network World | February 27, 2017 This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. As if ransomware wasn’t bad enough,… Continue reading The latest ransomware threat: Doxware
Treason charges against Russian cyber experts linked to seven-year-old accusations
See Also – Russia Arrests Top Kaspersky Lab Security Researcher on Charges of Treason 26th February 2017 By Jack Stubbs and Svetlana Reiter Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to… Continue reading Treason charges against Russian cyber experts linked to seven-year-old accusations
New RaaS Portal Preparing to Spread Unlock26 Ransomware
February 25th 2017 By Catalin Cimpanu A new Ransomware-as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week. First spotted two days ago, this ransomware operation is quite unique as it features a very minimal and direct style, with little-to-no instructions and simple-designed ransom notes and ransom payment portal. Based… Continue reading New RaaS Portal Preparing to Spread Unlock26 Ransomware
Shamoon 2 malware, ASERT has shed light on the C2 and the infection process
February 26, 2017 By Pierluigi Paganini The analysis conducted by Arbor Networks on the Shamoon 2 malware has shed light on the control infrastructure and the infection process. Security researchers from Arbor Networks’ Security Engineering and Response Team (ASERT) have conducted a new analysis of the Shamoon 2 malware discovering further details on the tools… Continue reading Shamoon 2 malware, ASERT has shed light on the C2 and the infection process
Google releases details of unpatched Internet Explorer and Microsoft Edge vulnerability
25th February 2017 By Mark Wilson Not content with publishing details of an unpatched Windows bug, Google has now gone public with a security vulnerability in both Microsoft Edge and Internet Explorer. Going under the description of “Type confusion in HandleColumnBreakOnColumnSpanningElement”, the bug has the potential to allow an attacker to execute malicious code.… Continue reading Google releases details of unpatched Internet Explorer and Microsoft Edge vulnerability
Carder forum claims 150 million logins for sale from CloudBleed case
February 25, 2017 By Pierluigi Paganini The carder forum CVV2Finder claims to have more than 150 million logins from several popular services, including Netflix and Uber. The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber. The operators in the forum are offering the precious commodity… Continue reading Carder forum claims 150 million logins for sale from CloudBleed case