Exploit for CVE-2010-2568

Zero Click Exploits Android, OSX, Linux, Windows, iOS, IoT, S...

How Bitcoin’s digital signature feature facilitates Web3 adoption

Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…...

Why Modern Layer 7 DDoS Protections Are Crucial for Web Security in 2024

A new Akamai white paper explains why you need to prioritize modern Layer 7 DDoS protection — and details how you can guide your security efforts...

The Wordfence 2023 State of WordPress Security Report

Today, the Wordfence Threat Intelligence team is releasing our 2023 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations...

Explaining the Business Value of Qualys Enterprise TruRisk Platform to Your Leadership

New IDC White Paper Reports Findings by Qualys Customers As a cybersecurity leader, you may struggle to help your C-suite see the business value of what your team does. Forget “speeds and feeds”; key decision-makers are solely focused on The Numbers. While reports from most security tools excel a...

Malicious borrower can create pool imbalance by tricking the V2 pool to send lesser number of long tokens in exchange for short tokens

Lines of code Vulnerability details Impact Timeswap V2 Pool works on constant product AMM where total long tokens & short tokens follow the equation total long total short = L. Any increase in long tokens has to be accompanied with a proportionate drop in short tokens and viceversa to ensure that...

How Much is Your Hacked Site Worth?

The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels,...

[Security Nation] Taki Uchiyama of Panasonic on Product Security and Incident Response

!\Security Nation\ Taki Uchiyama of Panasonic on Product Security and Incident Responsehttps://blog.rapid7.com/content/images/2022/09/securitynationlogo-1.jpg In this episode of Security Nation, Jen and Tod chat with Taki Uchiyama about his work on Panasonic’s Product Security Incident Response...

JSSLoader: the shellcode edition

The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...

AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch

Bulletin ID: AMD-SB-1026 Potential Impact: Data leakage Severity: Medium Summary AMD is providing an update for one recommended mitigation, mitigation G-5, in the “Software Techniques for Managing Speculation on AMD processors” white paper. Mitigation G-5 helps address potential vulnerabilities...

Ransom DDoS Enters its Fourth Wave

Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild

A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named...

Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings

Cybercriminals are innovative, always finding ways to adapt to new circumstances and opportunities. The proof of this can be seen in the rise of a certain variety of activity on the dark web: the sale of access to compromised networks. This type of dark web activity has existed for decades, but i...

AMD Secure Encryption Virtualization (SEV) Information Disclosure

Bulletin ID: AMD-SB-1013 Potential Impact: Information Disclosure Severity: Medium Summary AMD received notification of a potential security vulnerability from a team of researchers led by Professor Yinqian Zhang from Southern University of Science and Technology SUSTech. A paper titled...

TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)

Bulletin ID: AMD-SB-1023 Potential Impact: Loss of Integrity, Confidentiality and Availability Summary A malicious hypervisor HV along with an unprivileged process controlled by an attacker and executing in a guest VM, may maliciously control the process of flushing the Translation Lookaside Buff...

New News About the HITRUST Scoring Rubric and PRISMA Model

This is a high-level overview of the most significant changes about the updated HITRUST scoring rubric and PRISMA model that will affect all organizations using the HITRUST framework. It contains tips and guidance for how to prepare for upcoming HITRUST assessments. If you need a deeper dive into...

MS-ISAC Releases Security Event Primer on Malware

The Multi-State Information Sharing & Analysis Center MS-ISAC has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network,...

Blockchain and Trust

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great...

New Android Malware Framework Turns Apps Into Powerful Spyware

Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled...

Security Bulletin: IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430)

Summary A security vulnerability has been identified in the IBM Spectrum Scale GPFS Hadoop connector which could allow an unprivileged user the ability to read, write, modify, or delete any data in a GPFS file system CVE-2015-7430 Vulnerability Details CVEID: CVE-2015-7430 DESCRIPTION: IBM Genera...