0-day

0-day Weekly news WORLD

Welcome Spelevo: New exploit kit full of old tricks

Threat Research Nick Biasini authored this post with contributions from Caitlyn Hammond. Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit. These kits […]

0-day Data leaks WORLD

Ongoing Credit Card Data Leak

DNSMon is a network-wide DNS malicious domain analysis system we build here at 360Netlab. With the 10%+ total DNS traffic coverage in China, plus the other multi-dimensional security data and security analysis capabilities we have accumulated over the years, we can “see” what is happening in the whole network in real time from a unique […]

0-day TIPS

Remote Code Execution on most Dell computers

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, […]

0-day WORLD

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support […]

0-day Attack/APT Cryptography Weekly news WORLD

NSA asks to end mass phone surveillance

by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating […]

0-day Attack/APT Data leaks VULNERABILITIES Weekly news Windows tips WORLD

Fingerprint glitch in passports swapped left and right hands

by Lisa Vaas True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors. The Copenhagen Post quoted Jonathan Jørgensen: It’s difficult to imagine that […]

0-day VULNERABILITIES WORLD

‘Highly Critical’ Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on […]

0-day Social netwotrks VULNERABILITIES WORLD

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more […]