You are here:-Tag:Darkmatters

Drupalgeddon 2.0 Still Haunting 115K+ Sites | Threatpost

By | 2018-06-06T08:29:29+00:00 June 5th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S. educational institutions and government organizations

Comments Off on Drupalgeddon 2.0 Still Haunting 115K+ Sites | Threatpost

Google Patches 11 Critical Android Bugs in June Update | Threatpost

By | 2018-06-06T06:53:48+00:00 June 5th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote code execution bugs (CVE-2018-9341, CVE-2018-5146 and CVE-2017-13230) in

Comments Off on Google Patches 11 Critical Android Bugs in June Update | Threatpost

Social Media Privacy Dominates Apple iOS 12, macOS Launches | Threatpost

By | 2018-06-06T15:37:48+00:00 June 5th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Social media privacy is top of mind for Apple on the heels of the Facebook-Cambridge Analytica controversy. On Monday, Apple released the latest versions of its desktop and mobile operating systems at the Worldwide Developers Conference (WWDC), which addresses a bevy of security and privacy concerns tied to wide-range of social media platforms.

Comments Off on Social Media Privacy Dominates Apple iOS 12, macOS Launches | Threatpost

Federal Agencies Face an Uphill Battle in Cyber-Preparedness | Threatpost

By | 2018-06-05T17:35:51+00:00 June 4th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

In the wake of the elimination of the federal cybersecurity czar position, the latest federal cybersecurity preparedness report from the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) shows that U.S. government is nowhere near ready for prime time when it comes to cyber-defense, with 74 percent of

Comments Off on Federal Agencies Face an Uphill Battle in Cyber-Preparedness | Threatpost

Cloudflare Gets Transparent on DNS Resolver Outage | Threatpost

By | 2018-06-05T16:03:39+00:00 June 4th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: It was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System (DNS) resolver that matches up URLs (say, “cloudflare.com”) with their corresponding numerical IP addresses. This allows

Comments Off on Cloudflare Gets Transparent on DNS Resolver Outage | Threatpost

Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain | Threatpost

By | 2018-06-05T06:21:23+00:00 June 4th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Facebook is hitting back against a New York Times article alleging that it struck deals enabling phone-makers to access users’ personal information. The incident is yet another blow to the social media giant as it continues to deal with questions and outrage over its data privacy policies. The article, posted Sunday, said Facebook

Comments Off on Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain | Threatpost

Researchers Warn of Microsoft Zero-Day RCE Bug | Threatpost

By | 2018-06-02T07:43:11+00:00 June 1st, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day

Comments Off on Researchers Warn of Microsoft Zero-Day RCE Bug | Threatpost

Browser Side-Channel Flaw De-Anonymizes Facebook Data | Threatpost

By | 2018-06-02T06:12:29+00:00 June 1st, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A side-channel vulnerability in Google Chrome and Mozilla Firefox allows drive-by de-anonymization of Facebook users. An exploit would allow an attacker to pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website – with no additional user interaction. The vulnerability (CVE-2017-15417) lies in

Comments Off on Browser Side-Channel Flaw De-Anonymizes Facebook Data | Threatpost

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders | Threatpost

By | 2018-06-02T15:16:14+00:00 June 1st, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Server and cloud misconfigs continue to plague companies and their customers: This week it came to light that a Universal Music Group contractor neglected to protect an Apache Airflow server, leaving data exposed; while a Honda affiliate in India left two Amazon S3 buckets misconfigured for more than a year. The Honda mistake

Comments Off on Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders | Threatpost

Ticketfly, Major Concert Venues Still Offline After Hack | Threatpost

By | 2018-06-02T13:44:39+00:00 June 1st, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Ticketfly and several major venues’ services are still offline Friday morning as they struggle to recover from a major hack that have brought down their websites and disrupted several public on-sale concert tickets. Ticket distribution service Ticketfly said in a statement that it has launched an ongoing investigation into the incident and has yet

Comments Off on Ticketfly, Major Concert Venues Still Offline After Hack | Threatpost