Category Archives: Security Updates

Data Breach Strikes 15K BevMo E-commerce Users

BevMo, the alcohol retailer revealed to the office of the California Attorney General that its website was breached, compromising the credit card information of about 15,000 users.

The website is carried off by NCR Corp., which identified a harmful code which was added on the website checkout page by a non-official attacker who acquired access, siphoning user’ names, debit  or credit numbers, their expiry dates, phone numbers, email addresses, CVV2 codes, shipping and billing addresses.

Continue reading

Prominent Phishing Attacks Enterprises Need to Know

Phishing is the motive of sending unlawful or swindling communications that become visible to approach from a famous source. It is commonly done through email which has been practiced widely across the world. The main motive in this act is to steal highly sensitive information such as credit card, debit card and login information of accounts, or even to install malware on the system of the victim. Phishing is a general kind of cyber threat that everyone should acquire information about it so as to safegurad themselves.

Continue reading

Employee Data Reveals in An Attack at NASA Server

NASA – The U.S. National Aeronautics and Space Administration has affirmed that one of its servers faced threat through hack in October, with various employee information, comprising social security numbers, revealed to hackers.

NASA states it is presently alerting employees whose data may have been impacted in a statement circulated couple of days ago. An inquiry has already commenced, however NASA states Social Security numbers and various personally detectable data were saved on the cracked server.

Continue reading

Microsoft Urges to Patch the 0-day Vulnerability in Internet Explorer

Microsoft announced an out-of-band modification on Wednesday for its web browser, Internet Explorer fixes a zero-day bug victimized by harmful hackers in marked threats. Microsoft has recognized Clement Lecigne of Google’s Threat Analysis Group for documenting the bug, however neither Microsoft nor Google have stated any information associated the threats involving the vulnerability.

Continue reading

Code Implementation Bug in SQLite Impacts Chrome, and Software

Numerous applications employing the famous SQLite Database Management System could be revealed to threats due to a possibly critical bug that can lead to distant code implementation, information revelation, and Denial of Service threats. The bug was identified by analysts of the Blade Team based at China-based internet giant Tencent. The professionals have titled the bug “Magellan” and they demand it impacts any piece of software that employs Chromium or SQLite – Chromium believes on WebSQL, which is rooted on SQLite.

Continue reading

Various Flaws Fixed With The Announcement of WordPress 5.0.1

On Thursday, WordPress developers released the availability of WordPress version 5.0.1 of the Content Management System, which states various sorts of flaws.

Tim Coen, the researcher has detected various Cross-Site Scripting vulnerabilities in WordPress, containing one reasoned by the capability of contributors to modify the new comments from customers along with higher advantages. He also identified that a particularly crafted URL input can be employed for Cross-Site Scripting threats – this issue merely influences few plugins.

Continue reading

Microsoft Fixes Two Windows Zero-Day Flaws Found Under Attack

Microsoft has patched around sixty flaws, containing two Windows zero-day vulnerabilities that can be oppressed for isolated code execution and privilege acceleration. The more critical of the zero-day flaw is CVE-2018-8174, a serious problem that let the cybercriminals to distantly accomplish random code on entire sustained versions of Windows.

Continue reading

March 2018 Patches, Android Fixes Severe High Threat Flaws

Google has announced its March 2018 fixes of security updates for Android to state several dangerous and high severity susceptibilities in the famous mobile operating system. The majority of the serious susceptibilities stated this month could let a cybercriminal to implement code distantly on pretentious devices. Influenced components contain media structure, system, and kernel, Nvidia, and Qualcomm components.

An entire of sixteen susceptibilities were stated as part of the 2018-03-01 security fix level: eight regarded crucial severity and eight measured as high risk. The most serious of these susceptibilities could let a distant cybercriminal using a particularly crafted file to run random code with high rights. Four of the Critical flaws (three remote code execution bugs and one elevation of privilege issue) and two high risk flaws were stated in media framework. The left behind four crucial susceptibilities and six high risk problems were determined in system.

The 2018-03-05 security fix level stated 21 susceptibilities, only three of which were valued crucial severity. All of the left over flaws were measured high danger, Google records in a suggestion. The errors mark Kernel gears (two elevation of privilege and four information disclosure High risk issues), NVIDIA components (two High risk elevation of privilege bugs), Qualcomm components (two Critical – remote code execution – and nine High risk – six elevation of privilege, two information disclosure, and one denial of service – vulnerabilities), and Qualcomm closed-source components (one Critical and one High risk).

Google also stated above forty susceptibilities influencing its Pixel / Nexus devices the current month, maximum of them valued adequate severity. A reasonable risk elevation of rights problem was fixed in framework, two high serious rejection of service flaws were determined in Media framework, and two elevation of rights and two facts revelation susceptibilities were patched in system, all four average risk. Google also stated one high risk facts exposed and five adequate elevation of privilege problems in kernel components, three adequate facts exposed flaws in Nvidia components, and eighteen elevation of privilege and nine facts exposed problems in Qualcomm components (all adequate severity).

Pixel 2 and Pixel 2 XL devices also got patches for different working issues that were not associated to the security of these devices. As an alternative, they enhanced screen rouse rendering with fingerprint unlock, audio rendering when recording video, and smash reporting.