-
NSA: Top 25 vulnerabilities actively abused by Chinese hackers
The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests.
- October 20, 2020
- 11:20 AM
0
-
Researchers use ‘fingerprints’ to track Windows exploit developers
Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity.
- October 02, 2020
- 06:00 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Hackers actively exploiting severe bug in over 300K WordPress sites
Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.
- September 02, 2020
- 09:27 AM
- 0
-
Windows 10 features that boost your computer's security
Your Windows 10 computer has a treasure trove of hidden security features and you need to manually enable them by tweaking the system settings. In this article, we've highlighted the best security features that you should try on Windows 10.
- August 15, 2020
- 10:39 AM
- 12
-
PoC exploits released for SAP Recon vulnerabilities, patch now!
Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to exploit devices.
- July 15, 2020
- 05:28 PM
- 0
-
PoC exploits released for F5 BIG-IP vulnerabilities, patch now!
Two days after patches for critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits show how easy it is to exploit these devices.
- July 05, 2020
- 04:44 PM
- 2
-
New Lucifer DDoS malware creates a legion of Windows minions
A new botnet identified in the wild leverages close to a dozen exploits for high and critical-severity vulnerabilities against Windows systems to turn them into cryptomining clients and sources for distributed denial-of-service (DDoS) attacks.
- June 25, 2020
- 12:46 PM
- 0
-
Microsoft: Attackers increasingly exploit Exchange servers
Microsoft's Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection.
- June 24, 2020
- 02:25 PM
- 0
-
Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit
Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1).
- June 05, 2020
- 01:47 PM
- 0
-
Hackers exploit Salt RCE bugs in widespread attacks, PoCs public
Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation.
- May 04, 2020
- 01:19 PM
- 0
-
Windows 10 SMBGhost RCE exploit demoed by researchers
A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security.
- April 20, 2020
- 02:04 PM
- 1
-
Exploit for Zoom Windows zero-day being sold for $500,000
An exploit for a zero-day remote code execution vulnerability affecting the Zoom Windows client is currently being sold for $500,000, together with one designed to abused a bug in the video conferencing platform's macOS client.
- April 15, 2020
- 04:15 PM
- 0
-
Apple Paid $75K For Bugs Letting Sites Hijack iPhone Cameras
Apple has paid a $75,000 bug bounty to a security researcher who chained together three different exploits that could have allowed malicious web sites to use your iPhone camera and microphone without permission.
- April 03, 2020
- 12:52 PM
- 1
-
Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!
Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago.
- February 26, 2020
- 03:00 PM
- 0
-
Twitter Fixed Issue Exploited to Match Phone Numbers to Accounts
Twitter says that it discovered and fixed an issue exploited by attackers to match specific phone numbers to their corresponding Twitter accounts.
- February 03, 2020
- 04:35 PM
- 0
-
Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
- January 28, 2020
- 03:30 AM
- 0
-
RCE Exploit for Windows RDP Gateway Demoed by Researcher
A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws.
- January 27, 2020
- 10:14 AM
- 0
-
DoS Exploit PoC Released for Critical Windows RDP Gateway Bugs
A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.
- January 24, 2020
- 02:10 PM
- 0
-
PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.
- January 16, 2020
- 12:59 PM
- 0
-
Nexus Mods Game Modding Site Discloses Data Breach
The popular game modification site NexusMods has announced a security incident that may have exposed the registration information for its users.
- December 19, 2019
- 10:41 AM
- 0
.jpg)
.jpg)
