Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These … [Read more...] about Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
popular
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, … [Read more...] about 1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
WARNING — Hugely Popular ‘The Great Suspender’ Chrome Extension Contains Malware
Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be … [Read more...] about WARNING — Hugely Popular ‘The Great Suspender’ Chrome Extension Contains Malware
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed … [Read more...] about A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "dozens of known vulnerabilities" to target widely-used content management systems (CMS). The "KashmirBlack" campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, … [Read more...] about KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
Graphic for illustrationCybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were … [Read more...] about Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks
Critical Flaws Discovered in Popular Industrial Remote Access Systems
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and … [Read more...] about Critical Flaws Discovered in Popular Industrial Remote Access Systems
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile … [Read more...] about Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app.Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by … [Read more...] about 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
125 New Flaws Found in Routers and NAS Devices from Popular Brands
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers … [Read more...] about 125 New Flaws Found in Routers and NAS Devices from Popular Brands