Read the latest security news here, collected especially for you.

Vulnerability Lab

Vulnerability Lab (Index)
The vulnerability laboratory core research team discovered a local privilege escalation vulnerability via improper direc...
The vulnerability laboratory core research team discovered an open redirect web vulnerability in the official Microsoft B...
The vulnerability laboratory core research team discovered a persistent cross site scripting vulnerability in the offici...
The vulnerability laboratory core research team discovered a denial of service vulnerability in the Intel Distribution f...
The vulnerability laboratory core research team discovered a denial of service vulnerability in the Intel Extreme Tuning...
The vulnerability laboratory core research team discovered a local privilege escalation vulnerability in the Intel OpenV...
The vulnerability laboratory core research team discovered a client-side cross site vulnerability in the Barracuda Netwo...
The vulnerability laboratory core research team discovered a local privilege escalation vulnerability in the official In...

Virus Alerts

InfoSec - Virus and Malicious Code Alerts

Security Week News

SecurityWeek RSS Feed
A recently discovered piece of malware targeting Mac systems is a combination of two open-source programs, Malwarebytes security researchers warn.
Over the years, I have participated in many advisory boards. In every case, I have been a strong supporter of the business and wanted to contribute. However, in almost every case, I ended up feeling like I provided little more than my name on a pitch deck slide. In 2016, I was tasked with working with outside advisor Gary McGraw to create an advisory board focused on improving security for Ntrepid.
A newly enacted law rushed through Australia's parliament will compel technology companies such as Apple, Facebook and Google to disable encryption protections so police can better pursue terrorists and other criminals.
A British teenager involved in making false bomb threats and launching distributed denial-of-service (DDoS) attacks has been sentenced to three years in prison.
The Linux.org community website was defaced last week after someone gained access to its associated registrar account and modified DNS settings.
Europol this week announced that 168 people were arrested in a massive operation that resulted in the identification of 1,504 money mules.
Embattled Chinese telecoms giant Huawei has agreed to British intelligence demands over its equipment and software as it seeks to be part of the country's 5G network plans, the FT reported Friday.
The U.S. Department of Justice announced this week that a 44-year-old man from California has been sentenced to 26 months in prison for launching distributed denial-of-service (DDoS) attacks on two popular astronomy websites.
Google this week announced the availability of several new features for its Google Cloud Platform (GCP) customers, as part of the beta release of its Cloud Security Command Center (Cloud SCC).
The European Union and its citizens should be "worried" about telecoms giant Huawei and other Chinese firms that cooperate with Beijing's intelligence services, a senior EU official warned Friday.

Latest security vulnerabilities

Latest security vulnerabilities, with exploits (Denial of Service, Execute Code, Overflow, CSRF, File Inclusion, Gain Privilege, SQL Injection, Cross Site Scripting (XSS), Directory Traversal, Memory Corruption, HTTP Response Splitting, Bypass, Gain Information)
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (CVSS:4.3) (Last Update:2016-12-02)
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (CVSS:4.4) (Last Update:2016-12-02)
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (CVSS:6.8) (Last Update:2016-12-02)
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. (CVSS:6.8) (Last Update:2016-12-02)
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. (CVSS:7.5) (Last Update:2016-12-02)
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. (CVSS:4.3) (Last Update:2016-12-02)
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. (CVSS:6.5) (Last Update:2018-10-09)
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. (CVSS:4.3) (Last Update:2018-10-09)
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:4.3) (Last Update:2016-12-02)
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. (CVSS:7.5) (Last Update:2016-12-02)