Network Security

Struts 2 Remote Code Execution Vulnerability (S2-045)

08/03/2017 11:32:31

It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user....

Content Injection Vulnerability In WordPress REST API

13/02/2017 17:25:21

During the Chinese spring festival, a severe content injection vulnerability was discovered in WordPress. This vulnerability allows an unauthorized user to inject malicious content and modify the content of any post or page within a WordPress site. ...

'One billion' affected by Yahoo hack

29/12/2016 18:30:25

Yahoo has said more than one billion user accounts may have been affected in a hacking attack dating back to 2013....

Nginx Privilege Escalation Vulnerability on Debian-based Linux

22/11/2016 13:25:05

On November 15th, 2016, Dawid Golunski discovered that there is privilege escalation vulnerability (CVE-2016-1247) in Nginx. When Nginx creates log directories with insecure permissions, the vulnerability may be exploited by malicious local attackers to escalate their privileges from Nginx/Web user(www-data) to root. Nginx web server package on Debian-based distributions such as Debian or Ubuntu will be affected....

This Hack Gives Linux Root Shell Just By Pressing 'ENTER' for 70 Seconds

21/11/2016 13:25:45

A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds....

Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

10/11/2016 17:25:03

Someone is trying to take down the whole Internet of a country, and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware....

SQL Injection Vulnerability in Joomla Component ja-k2-filter-and-search was Discovered

24/10/2016 10:10:12

In the past couple of days, Information Security experts discovered an SQL injection vulnerability in Joomla component ja-k2-filter-and-search....

NSA contractor charged with stealing secret data

18/10/2016 10:00:59

A federal contractor suspected in the leak of powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government...

Nearly 800,000 FTP Servers Accessible Online Without Authentication

26/09/2016 14:30:04

A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials....

MySQL Exploit Remote Root Code Execution Privesc Vulnerability

14/09/2016 18:30:34

An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662.which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf) leading to critical consequences....

Our Social Networks

Global Service Center: