A developer named Tute Costa revealed that an update issued for the ‘strong_password’ Ruby gem contained malicious code that enabled an attacker to remotely perform random code. The developer was updating gems used by a Rails application when he observed that version 0.0.7 of strong_password was pushed out on RubyGems.org, the Ruby Continue Reading
The UK Information Commissioner’s Office has warned British Airways with a staggering £183.39m fine for its inability to protect personal and financial information of roughly 500,000 of its customers. The whopping fine under European General Data Protection Regulation (GDPR), embodies 1.5 per cent of BA’s worldwide revenue in 2017. Information Continue Reading
Of late, Magento addressed susceptibilities that could be misused by unverified attackers to capture administrative sessions and then totally take over flawed web stores. For an effective attack, a threat actor would first have to use a Stored Cross-Site Scripting (XSS) fault to inject a JavaScript payload into the administrator Continue Reading
The U.S. Cyber Command (USCYBERCOM) on Tuesday came up with an alert that it had marked attacks misusing a Microsoft Outlook fault tracked as CVE-2017-11774 in a bid to carry malware. USCYBERCOM says that the attackers delivered malware using the customermgmt.net domain. The U.S Cyber Command has shared numerous malware samples pertaining to Continue Reading
Experts at Kaspersky have exposed a spyware campaign labeled ViceLeaker that spreads in the Middle East to stake out Android users. Kaspersky speckled a spyware campaign, traced as ViceLeaker, that spreads in the Middle East to steal device and communications data from Android users. Active since May 2018, the ViceLeaker Continue Reading
By