Drupal has just issued its third flaw fix in a month, supplementing its previous patch for Drupalgeddon 2 with an unscheduled security update. After releasing a patch for a critical vulnerability in late March, Drupal is now having to do it all over … [Read more...] about Drupal Release Patches for Drupalgeddon2 Vulnerability
Vulnerabilities
Drupal Vulnerable to Back Doors
On March 28th, a patch for a vulnerability on Drupal was released to protect the Drupal content management system (Drupal 6, 7 and 8) against the bug that facilitates remote code execution. The Drupal vulnerability was tracked as CVE-2018-7600 and … [Read more...] about Drupal Vulnerable to Back Doors
Cisco Bug Leaves 8.5M Switches Vulnerable
A critical vulnerability in many Cisco networking devices has left 8.5M switches vulnerable to exploitation by attackers. The vulnerability could be leveraged by remote, unauthenticated attackers, allowing them to take over vulnerable devices and … [Read more...] about Cisco Bug Leaves 8.5M Switches Vulnerable
Drupal Sites Vulnerable to Attack
Drupal sites have been found to be highly vulnerable to attack. All recent versions of its content management system are affected by the same critical flaw, which has exposed millions of Drupal websites to potential attacks. The vulnerability can … [Read more...] about Drupal Sites Vulnerable to Attack
Telegram Zero-Day Spreads Malware
Russian security researchers at the Kaspersky Lab have identified a new malware campaign exploiting a zero-day vulnerability in Telegram Messenger, primarily used to spread malware, which mines cryptocurrencies including Monero and ZCash, without the … [Read more...] about Telegram Zero-Day Spreads Malware
Skype Zero Day Won’t Be Fixed Anytime Soon
A zero day security flaw in the Skype updater process can be exploited to give an attacker system-level privileges on a vulnerable computer, effectively allowing them access to every part of the targeted operating system. Security researcher Stefan … [Read more...] about Skype Zero Day Won’t Be Fixed Anytime Soon
Grammarly Flaw Exposes Personal Documents
Around 22 million people have installed the Grammarly extension for Chrome, which goes beyond a traditional spell checker to offer automated copyediting: analyzing your sentence structure and word usage, and correcting grammatical errors as well as … [Read more...] about Grammarly Flaw Exposes Personal Documents
Apple iBoot Firmware Leaks into GitHub
The source code to Apple’s iBoot firmware used in iPhones, iPads and iOS devices in general has leaked onto the public GitHub site. No one (for now) appears to know how the confidential closed-source code got there, but according to The Register, it … [Read more...] about Apple iBoot Firmware Leaks into GitHub
Oracle Micros POS Vulnerable to Attack
Oracle’s Micros point-of-sale (POS) systems have found to have a critical vulnerability, which could be exploited to compromise and download a company’s complete business data. Micros customers are said to include a range of major retail chains, in … [Read more...] about Oracle Micros POS Vulnerable to Attack
Microsoft and AMD Stop Spectre Patches Updates
Since Microsoft issued the patches for the chipset vulnerabilities known as Meltdown and Spectre that came to light via Google’s Project Zero last week, people who have AMD computers have issued complaints about their computers crashing to a Blue … [Read more...] about Microsoft and AMD Stop Spectre Patches Updates