To view live cyber attacks in real time, visit: norsecorp.com
- Military, FBI, And ICE Are Customers Of Controversial Stalkerware February 23, 2018
- Drupal Patches Critical CMS Vulnerabilities February 23, 2018
- OpenBSD Releases Meltdown Patch February 23, 2018
- CVE-2015-2790 March 30, 2015Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (CVSS:4.3) (Last Update:2016-12-02)
- CVE-2015-2789 March 30, 2015Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 188.8.131.526 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (CVSS:4.4) (Last Update:2016-12-02)
- CVE-2015-2701 March 25, 2015Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (CVSS:6.8) (Last Update:2016-12-02)
- EDR for Everyone Is about Fighting Alert Fatigue February 21, 2018Endpoint detection and response solutions (EDR) are predicted to become a key security technology by 2020.
- Researchers Detail Linux-Based “Chaos” Backdoor February 20, 2018A Linux-targeting backdoor observed in live attacks in June last year was recently found to have been part of an older rootkit, GoSecure researchers reveal.
- Large Crypto-Mining Operation Targeting Jenkins CI Servers February 20, 2018A large malicious crypto-mining operation has recently started targeting the powerful Jenkins CI server, Check Point security researchers have discovered.
- Disk Savvy Enterprise 10.4.18 Buffer Ovreflow February 23, 2018This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
- CloudMe Sync 1.10.9 Buffer Overflow February 23, 2018This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
- AsusWRT LAN Unauthenticated Remote Code Execution February 23, 2018The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then […]