Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated…

Read More

Android bug lets hackers plant malware via NFC beaming

All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019. Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam.…

Read More

¿Usas Chrome? Exploit 0-Day activo

Google está adviertiendo de forma urgente a sus millones de usuarios que instalen la versión Chrome 78.0.3904.87, para parchear dos vulnerabilidades de alta gravedad, una de las cuales los atacantes están explotando activamente. Sin revelar detalles técnicos de la vulnerabilidad, el equipo de seguridad de Chrome dice que ambos problemas son vulnerabilidades del tipo use-after-free, uno…

Read More

Una base de datos de Adobe vulnerable compromete a millones de usuarios de Creative Cloud

Datos personales de 7,5 millones de clientes de Creative Cloud fueron expuestos públicamente en una base de datos de Adobe vulnerable a cualquier usuario o atacante, según el descubrimiento de Comparitech. Con un número de suscriptores estimados en 15 millones, Adobe Creative Cloud o Adobe CC es uno de los servicios de suscripción de software especializado en edición más popular…

Read More

Falla crítica en PHP con PHP-FPM sobre Nginx

Si está ejecutando un sitio web basado en PHP en el servidor NGINX y tiene habilitada la función PHP-FPM para un mejor rendimiento, debe tener cuidado con una nueva vulnerabilidad que permitiría que atacantes no autorizados accedan a su servidor de forma remota. PHP-FPM es una implementación alternativa de PHP FastCGI que ofrece un procesamiento avanzado y altamente eficiente…

Read More

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over…

Read More

Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

Attention Linux Users! A vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute…

Read More

Rusty Joomla RCE

Introduction During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December 2015) that leads to Remote Code Execution.A PHP Object Injection was discovered in the wild and patched in the 3.4.5 version (CVE-2015-8562), however, this vulnerability depends also a lot on…

Read More

Exploit 0-day para Joomla

Se ha encontrado una nueva vulnerabilidad 0-Day en Joomla!. La misma fue descubierta por el investigador italiano Alessandro Groppo de Hacktive Security y afecta a todas las versiones de Joomla! que se encuentran entre la 3.0.0 y la 3.4.6 es decir, las lanzadas entre septiembre de 2012 y diciembre de 2015. Para otro tipo de productos hablaríamos de una vulnerabilidad…

Read More

Most malspam contains a malicious URL these days, not file attachments

Proofpoint: 85% of all malicious email spam sent in Q2 2019 contained a link to download a malicious file. Most malicious email spam (malspam) sent in the first half of the year has contained links to malicious files, rather than file attachments, according to telemetry gathered by cyber-security firm Proofpoint More precisely, 85% of all…

Read More