- 3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
Security researchers at Check Point’s exploit research team have been discovered three critical zero-day vulnerabilities in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The vulnerabilities includes CVE-2016-7479—Use-After-Free Code Execution, CVE-2016-7480—Use of Uninitialized Value Code Execution CVE-2016-7478—Remote Denial of Service. Researcher said that first two vulnerabilities, if exploited, would allow a hacker to take full control over the target server and the third vulnerability could be exploited to generate a Denial of Service (DoS) attack, allowing a hacker to hang the websites. The check Point researchers reported all the three zero-day vulnerabilities to the PHP security team on September 15 and August 6.
Cyber Security Tips: Users are strongly recommended to upgrade their servers to the latest version of PHP.
- Topps Customer Data Exposed After Website Hack
The iconic maker of baseball another sports trading cards sent email notifications to potentially impacted users to inform them on the data breach and that personal information submitted to the Topps website (www.topps.com) might have been compromised. According to the email, “one or more intruders” gained to sensitive information via unauthorized access to the company’s website. Notification sent by the company said that compromised data includes names, addresses, email addresses, phone numbers, credit card and debit card numbers, card expiration dates, and card verification numbers. Impacted customers are those who placed orders through the Topps website between around July 30 and October 12, 2016.
Cyber Security Tips: Customers are strongly recommended that change their bank account password, use strong password and keep watch on your account.