securityXspace: a blog about cyber-philosophy.
-
Slack Quickly Patches Account Hijacking Flaw
It only took the developers of the Slack team collaboration tool five hours to patch a critical vulnerability that could have been exploited to steal a user’s private token and gain access to their account.
-
Over a million websites could be at risk from critical WordPress gallery plugin flaw
Many WordPress-powered websites use dozens of plugins from third parties, meaning it is just as important to keep them updated, and protected against security vulnerabilities, as other software on your computers. Read more in my article on the Tripwire State of Security blog.
-
Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
Last year, Google employees took the initiative to help thousands of open source projects patch a critical remote code execution vulnerability in the widely used Apache Commons Collections (ACC) library. Dubbed Operation Rosehub, the initiative was staffed by some 50 Google employee volunteers, who used 20 percent of their work time to patch thousands of open…
-
Obama Administration Rushed to Preserve Intelligence of Russian Election Hacking
New York Times: Some in the Obama administration feared that intelligence about Russian interference in the 2016 election could be covered up or destroyed.
-
DDoS Attacks in Luxembourg
According to media reports, Luxembourg fends off cyberattack on government sites. Gilles Feith, the chief of the CTIE government IT center, said Wednesday that it was the first time the Luxembourg official sites had been targeted to such an extent.
-
Necurs Botnet Developers Add DDoS Capabilities To Their Modular Malware
The Merkle: Their new update allows this tool to execute distributed denial-of-service attacks with relative ease once it has infected a target computer.
-
Google Play Apps Infected with Malicious IFrames
Recently, we have discovered 132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages, with the most popular one having more than 10,000 installs alone. Our investigation indicates that the developers of these infected apps are not to blame, but are more likely victims…
-
Dridex Trojan updated with AtomBombing evasion techniques
A major upgrade to the malware will potentially cause even more headaches for European banks.
-
XSS flaws in Zscaler Cloud management software allow logged attackers to hack coworkers
Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged-in attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploited by attackers to inject malicious HTML and JavaScript into the browsers of other users who visit the portal.
-
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.