Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio

by Ashish Verma In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service

A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator.The audit was conducted by Radically Open Security as part of Mozilla’s Open Source Support program (MOSS), which aims to ensure that the open source ecosystem is “healthy and secure.” iTerm2 was selec

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur

Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.The National Security Agency (NSA) this week issued an advisory with remediation steps for recently disclosed vulnerabilities in virtual private network (VPN) products from Palo Alto Networks, Fortinet, and Pulse Secure."Multiple Nation State Advanced Pers

Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.Developed by the NSA’s Research Directorate for the agency’s cybersecurity missions, Ghidra is designed to help with malware analysis. The framework supports multiple platforms, incl

A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.A vulnerability that's been patched is still a vulnerability if patches haven't been applied. And unpatched vulnerabilities are catnip to criminals. That's the case with Drupalgeddon2 (CVE-2018-7600), a critical vulnerability in CMS pl

The developers of the popular privacy-focused messaging application Signal have rushed to patch a serious vulnerability in the Android version that can be exploited by an attacker to eavesdrop on users.The flaw, tracked as CVE-2019-17191, was discovered by Google Project Zero researcher Natalie Silvanovich. The issue was reported to Signal developers in late

Web-conferencing users who don't assign passwords could be having online meetings with more people than they think, according to new research.The Cequence CQ Prime Threat Research team today announced its discovery in July 2019 of a vulnerability in the Cisco Webex and Zoom video-conferencing platforms that potentially

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the forums of cybersecurity solutions provider Comodo.Comodo informed customers on Monday that data associated with their Comodo Forums account may have been accessed by threat actors on Sunday after they exploi

A Critical vulnerability recently addressed in the popular open-source email server Exim could lead to remote code execution. Exim is an open source mail transfer agent (MTA) widely used in systems running Linux and macOS. At the moment, Exim powers over half of email servers out there. Tracked as CVE-2019-16928, the newly addressed security vulner

San Francisco-based vulnerability management solutions provider Kenna Security on Monday announced that it has raised $48 million in a Series D funding round, which brings the total raised by the company to $98 million.New investors Sorenson Capital and Citi Ventures, along with existing investors Bessemer Venture Partners, U.S. Venture Partners, Costanoa Ve

A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.A newly disclosed critical vulnerability in the OnApp cloud orchestration platform could let an attacker compromise an entire private cloud with access to a single server, researchers report.The finding comes from researchers at secur

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot