Google Chrome Bugs Open Browsers to Attack

A heap buffer-overflow flaw (CVE-2020-15960) in storage in Google Chrome could allow a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page.

Domain controllers at risk of hijacking due to Samba flaw

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.

Failed Auction Pushed Actors to Release Their Banking Trojan For Free

Hackers have publicly released the source code of the Cerberus Android banking trojan after their planned auction turned out to be a dud; its base price was $50,000.

Mozi Malware Amasses IoT Network Traffic Quietly

IBM reported on the botnet, which uses command injection attacks to gain initial access to devices. It was behind 90% of the IoT network traffic observed between October 2019 and June 2020.

Windows backdoor masquerading as VPN app installer

Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor, Trend Micro researchers warn.

Online Retailers Urged to Take Action on Platform Security

Online retailers, particularly those still using the Magento 1 e-commerce platform, need to take action fast to update their security posture, according to Sonassi, which hosts Magento.

Whitehat hacker bypasses SQL injection filter for Cloudflare

Cybersecurity researcher George Skouroupathis uncovered a flaw in Cloudflare's Web Application Firewall (WAF) SQL injection protection mechanism.

Discount Rules for WooCommerce WordPress plugin gets patch once again

For the third time, the plugin developers have revealed a security patch to address two high-severity cross-site scripting (XSS) flaws that could be exploited by an attacker to hijack a targeted site.

Critical Aruba ClearPass RCE vulnerability exposes underlying systems

The flaw is classed as an unauthenticated RCE vulnerability in Aruba ClearPass Policy Manager, which acts as a secure access gatekeeper for IoT, BYOD, and guest devices on corporate networks.

Node.js applications open to prototype pollution attacks via legacy function in popular encryption library

A carryover function in the node-forge JavaScript library contains a flaw that could allow attackers to carry out prototype pollution attacks against applications, according to an advisory on GitHub.
