News

Gmail was a first mail service that launched safety standards MTA-STS and TLS Reporting support

Gmail

According to Google message, Gmail became first big mailing service that supports new safety standards MTA-STS and TLS Reporting. Both standards are extensions for Simple Mail Transfer Protocol (SMTP) that is a protocol used for sending of all emails today. MTA-STS and TLS Reporting assist email-services in establishing cryptographically protected connections with each other. In some kind, it is prevention …

Read More »

Microsoft report: in March hackers actively used WinRAR vulnerabilities

WinRar hacked

Microsoft published details of Windows-managed attacks on computers in media companies that took place in March. In the attacks, criminals utilized famous WinRAR vulnerability that gained popularity within criminal groups in the latest months. Hackers armed themselves with it immediately after publication by Check Point company, on February 20. That time researchers demonstrated how through this vulnerability code with the …

Read More »

Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10. During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious …

Read More »

Researchers found vulnerabilities in WPA3 protocol that allow obtaining Wi-Fi passwords

dragonblood

Though Wi-Fi Protected Access III (WPA3) standard released less than a year ago, researchers found significant vulnerabilities in a standard that enable Wi-Fi extraction and network access. WPA3 was created to improve flaws in WPA2 protocol that for a long time was considered unsafe and vulnerable to Key Reinstallation Attack (KRACK). Despite WPA3 protocol relies on safer handshake SAE (Simultaneous …

Read More »

In new patch Microsoft corrected 74 bugs, including two 0-day vulnerabilities

Microsoft Corporation issued update package that treats 74 bugs, including two zero-day (0-day) vulnerabilities in different products. Two recently discovered issues as CVE-2019-0803 and CVE-2019-0859 are vulnerabilities of privilege shift that involve Win32k component. According to Microsoft description, bug exists due to incorrect procession of memory volumes, and its exportation allows using a code in a kernel mode. As a …

Read More »

PoC-code for vulnerability in Apache HTTP-server published on GitHub

Developer Charles Fol discovered Carpe Diem (CVE-2019-0211) vulnerability in Apache HTTP Server 2.4. In certain conditions, it allows implementing side code which gives rights of administrator and capturing server management. Charles Fol published PoC-code on GitHub website. In the accompanying comments engineer explained that code has intermediate meaning between demonstrative PoC and valid exploit and has educational purposes. However, intruders …

Read More »

Exodus Spyware Found in Apple iOS Devices

The Exodus spyware was signed with legitimate Apple developer certificates. The government spyware Exodus, which was previously found in 25 different applications on Google Play, is now ported to iOS as well. This is a warning researchers Lookout Security. Spy Exodus can extract user contacts, record conversations, intercept photos and track location. According to experts, the iOS version of this …

Read More »