The “Kitten of Doom” denial-of-service attack is easy to carry out. A denial of service (DoS) vulnerability in the Skype for Business unified communications platform has been uncovered, which can be triggered by sending large numbers of emojis to the instant messaging client. According to the SEC Consult Vulnerability Lab, which discovered the flaw (CVE-2018-8546),…

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Another day, another critical WordPress plugin vulnerability. The popular AMP for WP plugin, which helps WordPress sites load faster on mobile browsers, has a privilege-escalation flaw that allows WordPress site users of any level to…

Many organizations have yet to create an effective cybersecurity strategy – and it’s costing them millions. The costs associated with data breaches continue to grow at a pace that exceeds the resources available to protect the organizations dealing with the breaches. Two new reports, from IBM and EY, make that same point with different data…

Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also…

What if just receiving a video call on WhatsApp could hack your smartphone? This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app. The vulnerability…

A SQL Injection vulnerability has been discovered in one of the most popular WordPress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely. The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed…

A teenage student has been charged with running a supplying malware that was used for launching distributed denial of service (DDoS) attacks against websites of some of the world’s leading businesses. Jack Chappell, an 18-year-old teenager from Stockport, is accused of helping cyber criminals with his DDoS booter service (DDoS-for-hire service) to flood millions of…

Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data. Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS…

                                       | © 2024 - NCA CERT | Privacy Policy |