20831 matches found
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...
Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground
Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top...
Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer
Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a...
Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows - CVE-2023-28205 - A use after free issue in WebKit that could lead to arbitrary code execution...
Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly...
Application Security vs. API Security: What is the difference?
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs Application Programming Interfaces. With that said, application security and API security are two critical components of a...
Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 CVSS score: 9.8, the issue relates to a case of remote code execution residing in the HFS...
Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel CWP that enables elevated privileges and unauthenticated remote code execution RCE on susceptible servers. Tracked as CVE-2022-44877 CVSS score: 9.8, the bug impacts all versions of...
WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious...
Critical Security Flaw Reported in Passwordstate Enterprise Password Manager
Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from ...
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
The U.S. National Security Agency NSA on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller ADC and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518...
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface UEFI firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases incl. dbx...
Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer SFX that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2...
Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat APT group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets...
Uber Blames LAPSUS$ Hacking Group for Recent Security Breach
Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone ha...
Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to WikiLeaks
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency CIA, has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified...
OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks
The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory...
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March...
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface UEFI security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and...
Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking
Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage TNAS devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating Syste...
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service DNSaaS providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic...
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music,...
WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months
WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that...
Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations DJI that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...
Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed "Cookiethief" by Kaspersky researchers, the Trojan works by...
WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this...
Greece U-Turns — Now Approves Mr. Bitcoin's Extradition To Russia
Greece just took another U-turn. Mr. Bitcoin a.k.a. Alexander Vinnik is not going to France nor to the United States; instead, he is now possibly going to his homeland Russia. The Supreme Civil and Criminal Court of Greece on Friday has overruled previous decisions and approved to extradite the...
Google launches 'Data Transfer Project' to make it easier to switch services
A lot of new online services are cropping up every day, making our life a lot easier. But it is always harder for users to switch to another product or service, which they think is better because the process usually involves downloading everything from one service and then re-uploading it all aga...
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport layer security TLS channels. OpenSSL is an open-source library that is the most...
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
Seagate, a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage NAS device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product, found in home and business networks, is...
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
A 20 year old critical subtle integer overflow vulnerability has been discovered in Lempel-Ziv-Oberhumer LZO, an extremely efficient data compression algorithm that focuses on decompression speed, which is almost five times faster than zlib and bzip compression algorithms. Lempel-Ziv-Oberhumer LZ...
CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered
None...
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities...
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 CVSS score: 7.5, a memory corruption bug in the Scripting Engine...
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in...
Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware
Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three year...
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S...
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have...
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control C2 server IP...
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 CVSS score: 7.2,...
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 CVSS score: 9.8, enables unauthenticated attackers to achieve remote code execution. It impacts all...
Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting XSS vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia,...
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPad...
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Threat actors can take advantage of Amazon Web Services Security Token Service AWS STS as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and...
Researchers Expose Prolific Puma's Underground Link Shortening Service
A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years. Prolific Puma creates "domain names with an RDGA registered domain generation algorithm and us...
ServiceNow Data Exposure: A Wake-Up Call for Companies
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of...
The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)
SaaS Security's roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. "SaaS Security on Tap" is a new vid...
Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
Firewall and distributed denial-of-service DDoS attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the...
Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android...
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti is warning users to update their Endpoint Manager Mobile EPMM mobile device management software formerly MobileIron Core to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...