Unpatched WordPress Vulnerability Could Allow Hacker to Reset Admin Password

WordPress is the most popular content management or blogging system in the world. A zero-day vulnerability exists in WordPress that under some conditions could allow an attacker to reset a user’s password and gain access to their WordPress account. The WordPress vulnerability was discovered by security researcher Dawid Golunski of Legal Hackers who disclosed the vulnerability on Read More …

More Than 1 Million Google Accounts Hacked by Gooligan Malware

A new Android malware called Gooligan has managed to steal access to more than 1 million Google accounts. This malware is still active and is responsible for an additional 13,000 new breaches of Android devices daily, according to Check Point Technologies. According to research by Check Point, this malware roots infected devices and steals authentication tokens that can Read More …

New Backdoor Found in Firmware of Nearly Three Million Android Devices

Nearly three million Android devices are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary Read More …

Drupal Fixes Moderately Critical - Multiple Vulnerabilities in Core Engine

The Drupal Security Team fixed some security issues in versions 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service attack. Drupal fixed four vulnerabilities marked and less critical. These vulnerabilities affect Drupal core 7.x versions prior Read More …

OPENSSL PATCHES HIGH-SEVERITY DENIAL-OF-SERVICE VULNERABILITIES

OpenSSL patched three vulnerabilities in its latest release. Of the three bugs, only one was rated high severity and could lead to OpenSSL crashes. This high-severity vulnerability is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites. Only OpenSSL 1.1.0 is affected; earlier versions are not. Read More …

One Billion Mobile Apps Exposed to Account Hijacking Because of OAuth 2.0 Hack

Third-party applications that allow single sign-on via Facebook and Google and support the OAuth 2.0 protocol are exposed to account hijacking. Three security researchers from The Chinese University of Hong Kong presented a paper at Black Hat last week. They described an attack that takes advantage of poor OAuth 2.0 implementations and puts more than Read More …

Google Discloses Critical Windows Zero Day Vulnerabilities in Kernel

Google disclosed a zero-day vulnerability in Windows. This critical zero-day is unpatched and is being used by attackers in the wild. Google made the disclosure today, 10 days after it privately reported the issue to Microsoft. Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attack within seven Read More …

Hacker Finds Way To Hijack Nearly Any Drone Mid-Flight Using a Tiny Gadget

Now you can hijack nearly any drone mid-flight because a security researcher has developed a tiny gadget that is capable of hijacking most drones mid-flight, as well as a wide variety of radio-controlled airplanes, helicopters and other devices that use a popular wireless transmission protocol (DSMx), locking the owner out and giving the attacker complete control over the device. Read More …

Adobe Releases Emergency Patch For Critical Flash Player Zero Day Vulnerability

Adobe has released a security update to address a vulnerability in Flash Player. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. “Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Read More …