Mới đây, lỗ hổng SigRed có tiềm năng dẫn tới thảm hỏa như virus WannaCry hay Petya vừa được công bố. Lỗ hổng đạt mức độ nghiêm trọng 10/10 theo thang điểm CVSS, được đặt tên bởi các nhà nghiên cứu của CheckPoint. SigRed cho phép thực thi mã từ xa trên Microsoft DNS Server, là một thành phần quan trọng của hạ tầng tổ chức công nghệ thông tin. Từ đó, tin tặc có thể chặn, thao túng email, lây lan mã độc, mã hóa, tống tiền trong tổ chức.
Ngân hàng nhà nước Việt Nam phối hợp cùng công ty Cổ phần An Ninh Mạng Việt Nam VSEC tổ chức: "Diễn tập ATTT cho khối ngân hàng tại Việt Nam"
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system.
Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a "technical issue" in Google's Takeout, a service that backs up all your Google account data into a single file and then lets you download it straight away.
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as "next-generation
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips.
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: