NodeJS has released fixes for CVE-2020-8277, a DoS vulnerability that could be triggered via DNS requests.... Read More
Security
Development team behind Drupal, a popular CMS and blogging platform has issued patches for a remote code execution vulnerability, CVE-2020-13671.... Read More
Newly spotted Ethereum vulnerabilities put $1 billion at stake
Researchers have discovered multiple serious vulnerabilities in Ethereum putting cryptocurrency worth million of dollars at risk... Read More
Tips to prevent malware from infecting your system
With work-from-home on the rise, what are some malware types to look out for? And, what are some best practices to safeguard yourself from cyberattacks?... Read More
SaltStack discloses critical bugs on Election Day
SaltStack has publicly disclosed 3 vulnerabilities that had been impacting Salt instances for some time. Two of these have been rated as High or Critical.... Read More
Lacework tracks Moobot: botnet that targets vulnerable Docker APIs
There is an abundance of Mirai-based botnets in the wild however “Moobot”, which targets vulnerable Docker APIs, recently showed up on our radar. This blog... Read More
Bug bounty programs don’t always pay up: researchers
It is worth noting that critical exploits could sell on the darknet for far worth more than what a nominal bounty payout may entail. Earlier this year, a Zoom zero-day exploit was being sold for $500,000.... Read More
Palo Alto Networks researcher discovers Linux privilege escalation vulnerability
A privilege escalation vulnerability had been lurking in the Linux kernel all this time until being discovered by a Palo Alto Networks researcher last week.... Read More
Office 365 phishing page evades detection using Google captcha
A newly discovered Microsoft Office 365 phishing campaign makes the recipient solve Google reCaptchas to both add some legitimacy to itself and evade detection systems.... Read More
Gravatar API lets you scrape millions of user profiles
Italian security researcher, Carlo Di Dato discovered that the hidden URL API routes as those shown below can allow a web scraper or bot to enumerate every single Gravatar profile and collect its public data.... Read More
Phishing kit screenshots your email domain on the fly to appear real 
Royal Mail online tracking returns — with a frustrating captcha that works half the time 
New convincing phishing campaign targets Booking.com and Blockchain.com customers 
A spreadsheet hosted on Intel.com is flagged as malware—but is it?