Security

Configuration snafu exposes passwords for two million marijuana growers

posted on November 3, 2020
by l33tdawg
Credit: ZDNet

GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, suffered a security breach in September this year.

The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Kibana apps are normally used by a company's IT and development staff, as the app allows programmers to manage Elasticsearch databases via a simple web-based visual interface.

Google discloses 'high' severity security flaw in GitHub

posted on November 3, 2020
by l33tdawg
Credit: Neowin

Google's Project Zero team is well-known for discovering vulnerabilities and bugs in Google's own software as well as that developed by other companies. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period. In specific scenarios, companies may even be given less than the standard 90 days to fix issues before Google publicly announces them.

Zoom Finally Has End-to-End Encryption. Here's How to Use It

posted on November 3, 2020
by l33tdawg
Credit: Wired

Zoom has gone from startup to verb in record time, by now the de facto video call service for work-from-home meetings and cross-country happy hours alike. But while there was already plenty you could do to keep your Zoom sessions private and secure, the startup has until now lacked the most important ingredient in a truly safe online interaction: end-to-end encryption. Here’s how to use it, now that you can, and why in many cases you may not actually want to.

Machine identity attacks grow more than 400 percent

posted on October 22, 2020
by l33tdawg
Credit: Beta News

The number of reported machine identity-related cyberattacks grew by 433 percent between 2018 and 2019, according to a new report from Venafi.

Between 2015 and 2019, the number of reported cyberattacks that used machine identities grew by more than 700 percent. Over the same period the number of vulnerabilities involving machine identities grew by 260 percent, increasing by 125 percent between 2018 and 2019.

New Windows RAT can be controlled via a Telegram channel

posted on October 22, 2020
by l33tdawg
Credit: ZDNet

Security researchers have discovered a new remote access trojan (RAT) being advertised on Russian-speaking underground hacking forums.

Named T-RAT, the malware is available for only $45, and its primary selling point is the ability to control infected systems via a Telegram channel, rather than a web-based administration panel. Its author claims this gives buyers faster and easier access to infected computers from any location, allowing threat actors to activate data-stealing features as soon as a victim is infected, before the RAT's presence is discovered.

Twitter Disputes Claim That Donald Trump’s Account Hacked by Researcher Who Guessed His ‘maga2020!’ Password

posted on October 22, 2020
by l33tdawg
Credit: Tech Crunch

A Dutch security researcher says he accessed President Trump’s @realDonaldTrump Twitter account last week by guessing his password: “maga2020!”.

Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities, told TechCrunch he guessed the president’s account password and was successful on the fifth attempt.

12 Cyber Threats That Could Wreak Havoc on the Election

posted on October 22, 2020
by l33tdawg
Credit: Wired

Wednesday night, at a brief, hastily arranged press conference at FBI headquarters, four top US national security officials announced solemnly that they had evidence that two foreign adversaries, Iran and Russia, had obtained US voter data and appeared to be trying to spread disinformation about the election.

Researchers uncover botnet targeting decade-old CMS vulnerability

posted on October 22, 2020
by l33tdawg
Credit: Beta News

The results of a six-month investigation into a botnet that targets a vulnerability in content management systems have been released today by Imperva Research Labs.

The botnet known as 'KashmirBlack' first appeared around November 2019 and is still active. It's managed by a single command and control server and uses more than 60 servers -- mostly innocent surrogates -- as part of its infrastructure.