Tag
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is
401 distinct cloud apps shown to deliver malware; Microsoft OneDrive delivered 30% of all cloud malware downloads.
WordPress Mega Main Menu plugin version 2.2.2 suffers from a backup disclosure vulnerability.
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh
Categories: News Tags: Windows 7 end of ESU Tags: Extended Security Updates Tags: ESU Tags: Microsoft ESU Tags: ESU program Tags: WIndows 8.1 Tags: Windows Server 2008/R2 Tags: NVIDIA Tags: Google Chrome Tags: Chrome Microsoft will cease supporting Windows 7 and Windows 8.1 all together, as well as Windows Server 2008/R2. (Read more...) The post Microsoft ends extended support for Windows 7 and Windows Server 2008 today appeared first on Malwarebytes Labs.
Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
Ubuntu Security Notice 5792-1 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.