Tag: Code Injection
-
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new …
-
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning …
-
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be …
-
Over 4,000 Internet-facing Sophos Firewalls Vulnerable to Code Injection Attacks
The Sophos Firewall Webadmin and User Portal HTTP interfaces are vulnerable to unauthenticated and remote code execution, as stated in an …
-
Malicious code in APKPure app
Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version …
-
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
A popular precious-metals dealer, JM Bullion, has been the victim of a payment-skimmer attack. The company took months to notify its users …
-
The cybercrime ecosystem: attacking blogs
It is very common to see cybercriminals exploit vulnerabilities in blogging software such as WordPress and Joomla! for injecting their …
-
Website, Know Thyself: What Code Are You Serving?
When we think of “securing our website” from attackers, we often think of securing against hooded figures somewhere in Eastern Europe …
-
No summer break for Magecart as web skimming intensifies
This summer, you are more likely to find the cybercriminal groups Magecart client-side rather than poolside. Web skimming, which consists …
-
Privacy and security risks as Sign In with Apple tweaks Open ID protocol
To many, it sounded like a good idea when Apple announced its Sign In with Apple service at WWDC 2019 last month: a privacy-focused login …
-
ViceLeaker Operation: mobile espionage targeting Middle East
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the …
-
Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft
The npm security team, in collaboration with Komodo, just prevented the theft of $13M USD worth of cryptocurrency held in Agama wallets …