Attackers are using a “fileless” malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.
Divergent “fileless” NodeJS malware used for click-fraud Read More »
Apple released security updates that fix vulnerabilities in iOS, iPadOS, Safari, tvOS and other products.
Apple security updates for iOS 13, macOS and other products (update) Read More »
A cyber attack group dubbed “Tortoiseshell” has deployed a fake website posing as a site to help U.S. military veterans find jobs. The website is then used to download malware to visitors’ systems.
Tortoiseshell targets US veterans with fake website used to download malware Read More »
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.
Hacker publishes vBulletin zero-day exploit Read More »
Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.
Microsoft issues out-of-band patches (Critical IE CVE-2019-1367 exploited in wild) Read More »
Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability CVE-2019-14994 that could allow information disclosure.
Jira Service Desk critical security update Read More »
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.
phpMyAdmin zero-day vulnerability (CVE-2019-12922) Read More »
VMware issued a security advisory for two vulnerabilities that impact multiple VMware products. The vulnerability severity ranges from a CVSS v3 base score of 4.7 to 8.5.
VMware patches two vulnerabilities in multiple products Read More »
A new ransomware dubbed TFlower has been targeting corporate environments via exposed remote desktop services (RDS).
TFlower ransomware targets companies via exposed RDS Read More »
Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.
Top 3 AWS security configuration mistakes Read More »
