Linux Malware targets WordPress and common Plugins

Doctor Web has discovered a malicious Linux program that hacks websites based on a WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted webpages are injected with malicious JavaScripts. As a result, when users click on any area of an attacked page, they are redirected to other sites. What they can do?...

January 15, 2023 路 2 min 路 337 words

End of Microsoft Windows 7 security updates from today

Starting today, January 10th, Windows 7 Enterprise and Professional operating systems will no longer receive security updates. Thus, computers that still run these OS will no longer be protected against critical vulnerabilities. Apart from the operating system itself, browsers (both Edge and third-party browsers), as well as services from other non-Microsoft vendors, such as NVIDIA, have confirmed that they have also stopped offering new security patches in Windows 7. Actions to be taken You should upgrade your Microsoft Windows to newer versions, if your hardware does not support Windows 11, you may upgrade to Windows 10 or maybe consider switching to another Operation System like Linux....

January 10, 2023 路 1 min 路 106 words

Farewell Lastpass, We don't need more data breach

You鈥檝e heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service鈥檚 25.6 million users, though, the company made a worrying announcement last week: A security incident the firm previously reported on November 30 was actually a massive and concerning data breach that exposed encrypted password vaults鈥攖he crown jewels of any password manager鈥攁long with other user data....

December 29, 2022 路 2 min 路 369 words

What you need to know about BERserk and Mozilla

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products.聽Dubbed 鈥淏ERserk鈥, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS....

September 25, 2014 路 1 min 路 193 words

WordPress hardened with XSS, DoS and SSRF fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers 鈥渟trongly encourage鈥 all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, the new release also includes some proactive changes intended to harden the platform against attacks....

June 25, 2013 路 1 min 路 195 words

Apple closes QuickTime vulnerabilities on Windows

Apple has聽released聽a security update for its QuickTime media framework for Windows. Version 7.7.4 of the software closes 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats. The vulnerabilities affect Windows聽7, Vista and XP聽SP2 or later and could be exploited to cause arbitrary code execution and application crashes. The vulnerabilities affected the playback of MP3, H.263, H.264, TeXML, JPEG, QTIF, Sorenson Video and FPX files as well as the handling of dref, enof and mvhd atoms within the program....

May 23, 2013 路 1 min 路 162 words

Symantec vs AV-Comparatives, Which one do you trust?

Cross-posted from PCMag SecurityWatch: Last week independent antivirus lab AV-Comparatives released the results of an on-demand antivirus detection test. The fact that Microsoft came in near the bottom wasn鈥檛 big news; the fact that Symantec scored even lower was surprising indeed. In a blog post released today, Symantec decried the entire practice of performing on-demand malware scanning tests, calling it 鈥渕isleading.鈥 In the early years of antivirus testing, every test was an on-demand scanning test....

April 25, 2013 路 5 min 路 1044 words

Apple adds two-step verification option for Apple IDs

A new security option gives Apple鈥檚 customers a way to secure their Apple ID password using their phone. Cross-posted from Cnet: Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services. Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user鈥檚 phone, and must be used on top of a regular password....

March 23, 2013 路 3 min 路 446 words

Google updates all Chrome editions

h-online: Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements. The Stable Channel update closes seven security vulnerabilities, three of them rated High, and includes bug fixes. New stable Chrome versions for iOS and Android have also been released and include minor improvements. The iOS version of the browser now supports Apple鈥檚 Passbook application....

November 29, 2012 路 2 min 路 416 words

Firefox 16 re-released fixing multiple vulnerabilities

The H-Online: The latest version of Firefox, version 16, has returned to Mozilla鈥檚 servers with the release of Firefox 16.0.1 after the discovery of vulnerabilities caused the organization to remove the just-released open source web browser from circulation. Mozilla鈥檚 security blog post described the problem as just that of a malicious web site being able to potentially determine the URLs and parameters used and suggested downgrading to Firefox 15.0.1, despite the numerous critical bugs fixed in Firefox 16....

October 12, 2012 路 2 min 路 421 words