Thousands of routers are used to hack WordPress based websites

Thousands of routers are used to hack WordPress based websites
Wordfence specialists found that vulnerable routers are used to brute-force WordPress based websites.

Experts noticed something strange last month when the amount of cyber-attacks in Algeria jumped suddenly. The country went ...

Still using the SHA-1 function? Security experts recommend you don’t

In late February 2017 Google experts along with the Dutch Centrum Wiskunde & Informatica (the center of math and informatics) proved that SHA-1 is vulnerable to collision attacks.
In other words, hackers, using SHA-1 hash collision can create a fake ...

GiftGhostBot Botnet has Attacked almost 1000 Websites trying to steal gift cards’ data

Distil Network researchers reported the appearance of a GiftGhostBot botnet.Specialists say that the GiftGhostBot exists since February 26th, 2017 and that its main goal is gift cards fraud.
GiftGhostBot aimed at an array of websites that accept gift cards. Most ...

The Number of Hacked Websites Increased by 32% According to Google’s Webmaster Central Blog

According to Google report

On the State of Website Security in 2016, there was a significant increase in the amount of compromised websites.

However regrettable, the Internet did not become a safer place in the past year, compared to 2015. In ...

Security breach in a WordPress Plugin «Wordfence Security» (Part II)

On the basis of the simulated situation we discussed in our previous article, one of our clients found himself in a similar problem.

A couple of days ago our client, when attempting to upload a file, received the following error message:


The ...

Security Breach in a WordPress Plugin «Wordfence Security» (Part I)

Security Breach in a WordPress Plugin «Wordfence Security»
A short side note: This article was made after we shared the breach with the developers of the plugin and received a response from him (the quoted response is in part II ...

A Dangerous Local Vulnerability is Found in Systemd 228

A dangerous local vulnerability is found in systemd 228 that allows a non-privileged attacker run a code as superuser.
As stated by security researcher Sebastian Krahmer, the problem previously found in systemd can be exploited not only for Linux distribution ...

Vulnerability in Nginx allows for root privileges in the system

Attackers are able to escalate their privileges and compromise the system as a result
Security researcher Dawid Golunski states that vulnerability in nginx (CVE-2016-1247) allows local attackers to obtain root privileges in the system.

Intruders who have managed to compromise an ...

Malefactors Use KillDisk for Attacks on Linux Systems

New opportunities of KillDisk allow to control malware through the C&C server and use the application as a crypto ransomware
ESET researchers have discovered a new variant of KillDisk malware designed for attacks on the  Linux systems.

KillDisk is a destructive ...

The Mirai botnet has a powerful competitor now

The new Leet botnet was used in the DDoS attack on the infrastructure of the Imperva Incapsula company
Imperva Incapsula’s analysts have recorded a DDoS attack on the company’s infrastructure, which can lay claim to being the most powerful ones ...

Critical Vulnerability in PHPMailer library found

The hole allows to remotely execute a code in the context of web server and compromize the web application.
Polish security researcher Dawid Golunski from Legal Hackers has found a critical hole in one of the most popular open source ...

Google releases new tools to prevent XSS-attacks

Googleinfo-icon has released new tools and related documentation to help developers reduce the risk of XSS attacks using the Content Security Policy (CSP) standard. XSS-vulnerabilities continue to affect many web applications, including those developed by large companies.
In the past ...

Unidentified hackers compromised forum’s database

December 19, 2016, a notice appeared in Ethereum Project’s official blog, warning that forum was compromised by unknown attackers.
The administration learned about the data leak on December 16, 2016. The first results of the investigation showed the following ...


1 2 3 4 5
Skip to content