Malwarebytes Lab announced that they have discovered a use of an icon file to hide a web skimmer for a credit card skimming operation. Malwarebytes Lab announced a new method they have discovered, a web skimmer can be hidden behind a favicon, an image file displayed on the browser’s tab. With this method, hackers aim...
Jetpack announced the launch of Jetpack Scan, an automated malware and vulnerability scanning solution for WordPress. Popular WordPress toolkit Jetpack has announced Jetpack Scan solution, specifically for WordPress websites. Jetpack Scan‘s simple interface allows customers to keep tabs on everything without being a security expert. With Jetpack Scan, site owners can review scan results, fix...
imunifySecurity announced that a new beta version of Imunify360, version 4.9, is now available for users. The latest version of Imunify360 includes various new features. Starting from version 4.9, Imunify360 now supports CentOS 8 with Plesk, CentOS 8 with DirectAdmin, CentOS 8 as stand-alone, CloudLinux OS 8 with DirectAdmin, and CloudLinux OS 8 as stand-alone....
One of the well-known firewall software out there IPFire has released its 2.25 Core Update 145 version. This marks the one of the largest updated that IPFire has ever received. IPFire is one of the most flexible security tools out there that can act as a data center firewall as well as a home firewall....
VMware has released a patch to fix a vulnerability in VMware Cloud Director that could be exploited to perform code execution attacks and take over private clouds. Ethical hacking company Citadelo identified a vulnerability that bypassed VMware’s underlying security fundamentals. The bug that has been discovered in VMware Cloud Director was caused by a failure...
Joomla announced a new data breach that impacted 2,700 users and exposed their critical personal information. Open-source content management system, Joomla announced that 2,700 users’ information with an account on resources.joomla.org were breached. Unencrypted JRD full site backups were stored in a third-party company Amazon Web Services S3 bucket. The third-party company is owned by...
GitHub’s security team announced that they have found a malware, named Octopus Scanner, in 26 repositories. GitHub’s security team has announced that they have received a message from a security researcher who pinpoints a malware in GitHub-hosted repositories. GitHub’s analysis shows that the malware is designed to enumerate and backdoor NetBeans projects. The malware is...
A credit card swiper injection has been detected in WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.
Wordfence announced that there is an uptick in attacks targetting cross-site scripting (XSS) vulnerabilities. Wordfence team announced that over 900,000 WordPress sites are under attack, approximately 30 times the normal volume. The attacks, targetting the XSS vulnerabilities began on April 28 and increased on the following days. Malicious JavaScript Most of these attacks are attempting...
Israeli cybersecurity researchers have concluded their researches about a new flaw impacting DNS protocol called NXNSAttack. Israeli cybersecurity researchers shared the details about NXNSAttack which impacts recursive DNS servers and the process of DNS delegation. Several of the companies in charge of the internet infrastructure, including Cloudflare, Google, Amazon, Microsoft, Oracle-owned Dyn, Verisign, and IBM...