Vulnerabilities & Exploits | Security I Trust

zero-day vulnerability – Sandworm -CVE-2014-4114

October 14, 2014October 15, 2014 admin 0 Comments CVE-2014-4114, Sandworm, zero-day vulnerability

A zero-day vulnerability affecting all Microsoft supported versions of Windows Operating system, including Windows Server has been identified. Also we

IT Security News News Security Advisories Security Alerts Security Risks Vulnerabilities & Exploits Vulnerability Alerts

Shellshock bash Code Injection Vulnerability

September 26, 2014September 26, 2014 admin 0 Comments bash Code, Shellshock

Shellshock bash Code Injection Vulnerability, what do you need to do? what is the Risk? Report from SAMS ISC

IT Security News Security Alerts Vulnerabilities & Exploits Vulnerability Alerts

iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook

September 20, 2011 admin 0 Comments iphone security, iphone skype

iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook iPhone Skype app XSS Vulnerability. Is claimed to allow Hackers to Steal

IT Security News Security Alerts Vulnerabilities & Exploits Vulnerability Alerts

WordPress WP-DBManager Plugin Vulnerabilities

May 8, 2011May 18, 2011 admin 0 Comments Critical Vulnerabilities, WP-DBManager plugin

WordPress WP-DBManager Plugin Vulnerabilities level: critical Impact: Cross Site Scripting Risk: Exposure of system information and Exposure of sensitive

IT Security News Vulnerabilities & Exploits

Google has updated its Chrome browser to address six vulnerabilities

March 30, 2011 admin 0 Comments

Google has updated its Chrome browser to address six vulnerabilities, all of which have been rated high security risks. Related

Security Advisories Security Alerts Vulnerabilities & Exploits Vulnerability Alerts

Google Chrome Style Handling Memory Corruption Vulnerability

March 14, 2011May 17, 2011 admin 0 Comments

Google Chrome Style Handling Memory Corruption Vulnerability Software Google Chrome 10.x Critical Level: High Impact: System could become compromised leading

Security Advisories Security Alerts Vulnerabilities & Exploits Vulnerability Alerts

Constructr CMS Cross-Site Scripting plus SQL Injection Vulnerabilities

March 14, 2011 admin 0 Comments Constructr CMS, cross-site Scripting

Constructr CMS Cross-Site Scripting plus SQL Injection Vulnerabilities Software: Constructr CMS 3.x Critical Level: Medium Impact: Cross Site Scripting Solution:

Security Advisories Security Alerts Security Risks Vulnerabilities & Exploits Vulnerability Alerts

SAP GUI Insecure Library Loading Vulnerability

March 14, 2011May 18, 2011 admin 0 Comments SAP GUI

SAP GUI Insecure Library Loading Vulnerability Software: SAP GUI 6.x – 7.x Critical Level: High Impact: Possible system access Solution:

Security Advisories Vulnerabilities & Exploits Vulnerability Alerts

WP Forum Plugin SQL Injection Vulnerabilities

March 14, 2011 admin 0 Comments Manipulation of data, SQL Injection Vulnerabilities, Wordpress, WP Forum Plugin

WordPress WP Forum Plugin Multiple SQL Injection Vulnerabilities Software: WP Forum Plugin 1.x Critical Level: High Impact: Manipulation of data

Home User IT Security IT Security News News Vulnerabilities & Exploits

Facebook Hacked by the Ghost of Facebook (Roy)

February 13, 2011May 18, 2011 admin 4 Comments cross-site Scripting, Facebook, Facebook Hacked, Ghost of facebook, Off to Danao City, risk exposed, Roy, security issues, XSS, XSS cross-site Scripting flaw, xss-vulnerability

Roy or as he is also known as the Ghost of facebook discovered several security holes on facebook. One of

← Previous

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings October 10, 2019
In September, security researchers discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution […]
FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops October 10, 2019
We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. The post FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops appeared first on .
Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches October 9, 2019
October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a […]
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign October 1, 2019
We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign […]
Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play September 26, 2019
We found hundreds of the fake apps on iOS App Store and Google Play, with descriptions that are inconsistent with their content. While the apps’ descriptions varied, they share the same suspicious behavior: They could transform into gambling apps that may get banned for violating local government regulations and app store policies. The post Gambling […]
Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website September 20, 2019
We recently found and analyzed a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family. The first one contains a pair of shell scripts and connects to a remote site to decrypt its encrypted codes while the second sample, despite using a simpler […]
Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads September 19, 2019
By Carl Maverick Pascual (Threats Analyst) Cybercriminals continue to use cryptocurrency-mining malware to abuse computing resources for profit. As early as 2017, we have also observed how they have applied fileless techniques to make detection and monitoring more difficult. On August 2, we observed a fileless cryptocurrency-mining malware, dubbed GhostMiner, that weaponizes Windows management instrumentation... […]
Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites September 18, 2019
We discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. The post Magecart Skimming Attack Targets Mobile […]
When PSD2 Opens More Doors: The Risks of Open Banking September 17, 2019
We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predict how cybercriminals will abuse and attack Open Banking. The post When PSD2 Opens More Doors: The Risks of Open Banking appeared […]
Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload September 16, 2019
Skidmap, a Linux malware that we recently stumbled upon, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar. These kernel-mode rootkits are not only more difficult to detect compared to its user-mode counterparts — […]