Tag

vulnerability
oracle weblogic server malware certificate

Oracle WebLogic Server susceptible to malware hiding in Certificate Files

Security researchers discovered a security vulnerability in Oracle WebLogic Server, a component of Oracle Fusion Middleware, and found to be actively exploited by cybercriminals to install cryptocurrency miners. This malware which was used in the attack hid in certificate files to avoid malware detection and later dropped miners for cryptocurrency known as Monero Miner. Tracked...
Continue Reading
wordpress plugin vulnerability phishing redirect malware

WordPress Plugins Utilized For Use in Malicious Campaign

With each passing day, cases of WordPress infection that redirects visitors to suspicious pages is getting common.  Recently, a vulnerability was discovered in tagDiv Themes and Ultimate Member Plugins. In this WordPress redirect hack visitors to your website are redirected to phishing or malicious pages.   In this hack, users, when redirected, are taken to...
Continue Reading
atlassian server hacked inject trojans injection hacker malware

Critical Atlassian Server Flaw Used by Hackers to Inject Trojans

A group of attackers are actively exploiting a critical vulnerability in Atlassian’s Confluence collaboration software to inject trojans and infect servers with the GandCrab ransomware. Confluence is a Java-based web application that provides a shared wiki-type workspace for enterprise employees and is used by tens of thousands of companies worldwide.   The vulnerability, tracked as...
Continue Reading
uc browser ucweb phishing phishingattacks

UC Browser Vulnerability Could Expose More Than 600M Users to Phishing Attacks

An address bar vulnerability with the latest versions of UC Browser and UC Browser Mini exposes millions of users to Phishing Attacks. The vulnerability was discovered by a cyber-security researcher, which allows an attacker to pose his phishing domain as the targeted site.   According to the researcher, the UC Browser phishing vulnerability exists only...
Continue Reading
cryptojacking malware

CryptoJacking Malware Functions Under The Radar

Analysis of new malware samples used by the Rocke group for cryptojacking reveals code that uninstalls from Linux servers multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.   Rocke’s goal is to compromise Linux machines and use them to mine for Monero cryptocurrency. They exploit several vulnerabilities in Apache Struts...
Continue Reading
phising email phishing anti phishing phishing solutions

Critical and Vulnerable Phishing Kits Found on GitHub

Many phishing kits come with web app vulnerabilities that could expose the servers used for their deployment to new attacks which could lead to full server take over. Phishing kits are packages of ready to deploy fake login pages targeting a wide range of online services, ranging from Gmail and Amazon to Microsoft and PayPal....
Continue Reading
Data breach

Unprotected Evite website containing customers’ data exposed in a data leak

A social planning and e-invitations service company named Evite detected a security breach when anunauthorized party acquired an inactive data storage file associated with the firm’s user accounts last April 15, 2019. This storage file contains customer’s information which includes names, usernames, email addresses, passwords, dates of birth, phone numbers, and mailing addresses.   Among...
Continue Reading
Malware and Adware Attacks Using WP Plugins

Malware and Adware Attacks Using WP Plugins

With each passing day, cases of WordPress infection that redirects visitors to suspicious pages is getting common.  Recently, a vulnerability was discovered in tag Div Themes and Ultimate Member Plugins. In this WordPress redirect hack visitors to your website are redirected to phishing or malicious pages.   In this hack, users, when redirected, are taken...
Continue Reading
WordPress Yuzo Plugin Becomes Scamming Tool

WordPress Yuzo Plugin Becomes Scamming Tool

The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day.   The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild....
Continue Reading
Rowhammer attack

New variant of Rowhammer attack risking danger for possible data leak

International academic researchers discovered a new variant of the Rowhammer attack,which they named asRAMBleed,that can be performed even if a system is patched against Rowhammer. The unfamiliar attack of this RAMBleed is that it targets devices to steal information, contrary to other Rowhammer attacks that alter existing data or elevate an attacker’s privileges. As many...
Continue Reading
1 2 3