Blog
Closed critical vulnerability in the PeopleSoft kernel engine
A remote code execution vulnerability, closed on Tuesday, October 17, as part of Oracle’s large quarterly release of critical patches, has become a wake-up call for businesses running PeopleSoft with open access from the Internet
This bug with ...
Security of Java applications at a low level
Veracode has released a report on the state of application security for the period from April 1, 2016 to March 31, 2017. The new statistics are based on the analysis of about 250 billion lines of code obtained during 400 ...
Malware that joined infected devices into an advertising botnet found on Google Play again
Symantec experts found the Sockbot malware in Google Play applications
Symantec experts found the Sockbot malware, which joined infected devices into a botnet, in applications from Google Play. As a result, in early October 2017, eight programs ...
Google started a reward program for finding vulnerabilities in Play Store applications
A well-known proverb says: “better late than never”. This is exactly the case with Google’s latest decision.
As you may know, a variety of malware and “problem” applications are found in the official directory of Google Play. Apparently, neither automated control ...
The Chrome Web Store removed the Adblock Plus clone
Before Google noticed an error, the extension was downloaded by about 37 thousand users
The extension, imitating Adblock Plus, a popular ad-blocking tool, was posted on the Chrome Web Store. Before Google noticed the error, the extension was ...
Linux kernel fixes a two-year-old vulnerability
The problem allowed obtaining superuser rights on the system
The Linux kernel has eliminated a dangerous privilege escalation vulnerability found more than two years ago. The problem was discovered by Google employee Michael Davidson in April 2015 and was fixed in ...
Backdoor detected in a WordPress plugin
The backdoor was contained in the fake X-WP-SPAM-SHIELD-PRO plugin
An unknown hacker introduced a backdoor into the source code of a WordPress plugin that masquerades as an anti-spam tool called X-WP-SPAM-SHIELD-PRO.
Apparently, the attacker tried to use the reputation of a ...
Magento fixes 35 vulnerabilities in two products
On September 14, Magento, the developer of the online store management system of the same name, released updates for Magento Commerce and Magento Open Source that eliminate numerous vulnerabilities, including a critical remote code execution flaw.
In summary, ...
The WordPress plugin “Display Widgets” distributes malware
The “Display Widgets” plugin, which has more than 200 thousand installations, was finally removed from the WordPress plugin directory after a series of incidents in which malicious code was substituted into new releases.
This code was a backdoor allowing ...
FTP is not safe, now Chrome will warn you about this
Google's Chrome browser will soon flag services that use the FTP protocol as unsafe. This was reported yesterday by Mike West, a Google employee and member of the Chrome security team.
“As part of our ...
Google Chrome warns users about MitM attacks
The experimental function is already available for testing.
A new security feature will appear in the Google Chrome 63 browser that detects “man in the middle” (MitM) attacks by third-party software.
MitM attacks are used to intercept the web traffic of ...
Critical vulnerability detected in Apache Struts
Version 2.5.13 of the Apache Struts web framework, which is used to build Java web applications following the Model-View-Controller paradigm, has been published. The release fixes a critical vulnerability (CVE-2017-9805) that allows code to be run on the server side.
The attack ...
The Cerber ransomware steals data from cryptocurrency wallets
Last spring, Malwarebytes researchers reported that the Cerber ransomware had taken the lead on the black market, largely because of the malware's move to the RaaS (Ransomware-as-a-Service) model and the regular appearance of new ...
Drupal eliminates the vulnerabilities exploited by spammers
The developers of Drupal released versions 7.56 and 8.3.4, in which several vulnerabilities were eliminated, including bugs used by spammers.
One of the main problems fixed was the vulnerability CVE-2017-6922. The bug was that the files ...
Thousands of users were affected by the OneLogin hack
OneLogin Hacked
OneLogin, a popular provider of single sign-on solutions, suffered a hacker attack. It was then reported that unknown intruders managed to gain unauthorized access to data in the American region.
Representatives of the company explained that the attackers ...