Vulnerability

K12.com – 7Million Student’s Record Data Breach Exposed

Records show that K12.com, a web-based educational firm has suffered a massive 7-million student records breach due to an insecure version of MongoDB database server. Bob Dianchenko a security researcher at Comparitech has witnessed student data from K12.com was made public on June 25, 2019. According to his discovery, it took K12.com more than a

[ Read More ]

A Closer Look at TA505’s FlawedAmmyy RAT

Last November 24, 2018, while they were busy with their tRAT malware. The team once again surfaces with a new campaign, this time with a new remote access trojan known to Microsoft as FlawedAmmyy RAT. The technology used by the RAT is the all-time vulnerable language called the Visual Basic for Applications, also known as

[ Read More ]

Zero-day WordPress Plugin Exploits Irresponsibly Disclosed

WordPress is once again in the headlines of Tech News, as two zero-day exploits have been discovered, both related to how WordPress interacts with Facebook. The first one is Facebook for WooCommerce, is a WordPress plugin which promises to provide an interface between WooCommerce and Facebook. The second plugin is Messenger Customer Chat, as the

[ Read More ]

A First Look At Hacking Campaign Vs Exim Servers

The Internet, including both the surface web and the Dark Web is currently being scanned by cybercriminals looking for vulnerable Exim servers, which currently has 57% market share of all existing email servers in the world. The Exim email server flaw documented under CVE-2019-10149 enables hackers to send malformed emails to a target Exim server

[ Read More ]

WannaCry In 2019? Yes, WannaCry Is Still Here

Two years ago in 2017, the world was caught off guard by a very destructive ransomware named WannaCry. With its infection success rate, estimates revealed that ransom payment for WannaCry went up to $4 billion that year. The NSA’s former top secret weaponized bug in SMB (Server Message Block) version 1 went to the wrong

[ Read More ]

Code Execution Vulnerability in Notepad

Tavis Ormandy, a security researcher for Google’s Project Zero division, announced the discovery of a code bug in Notepad, Microsoft’s popular text editor. The problem was privately conveyed to Microsoft, and it was made public after 90 days. No additional information is currently available, because Microsoft has not solved the problem yet. According to sources

[ Read More ]

Microsoft Reminds User To Update The Legacy Operating Systems

Microsoft released a patch for a handful of legacy operating systems that are no longer available after detecting a critical vulnerability. The company warns users to quickly patch their systems to prevent another WannaCry ransomware attack. It is “highly likely” that malicious actors will write an exploit for this vulnerability, Simon Pope, director of incident

[ Read More ]

Oracle WebLogic Servers Hit With Zero-Day Attack

Oracle WebLogic Servers are not the usual targets when it comes to cyber attacks. Besides, the service is a niche and is facing strong competition from the likes of Amazon with their AWS and Google with its fleet of web services. This time, a new ransomware variant named Sodinokibi has penetrated WebLogic Servers using a

[ Read More ]

Hackers Can Use Unused Internet Explorer to Steal Data

This is no less than a shocker…Hackers can now use Internet Explorer to steal your data, that too even if you never use it. A security researcher has detected a zero-day vulnerability in Internet Explorer which would allow hackers to steal data. Security researcher John Page has published details and proof-of-concept code for the zero-day

[ Read More ]

4 Simple Tips to Fight PC Infections | Stay Protected from Threats

In today’s cybersecurity atmosphere, there is no way for any organization to assume that “we are not hacked”. The attack surface is very wide in Windows, Office, Java, Flash Player, and even the Intel processors have hardware security bugs. Basically, 2018 was a horrible year for cybersecurity because it proved how indefensible is the architecture

[ Read More ]