VMWare Patches Critical RCE Flaw in vCenter Server
VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of a...
Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines
Recent malware campaigns reveal that cybercriminals aren’t sparing healthcare firms, medical suppliers and hospitals on the frontlines of the coronavirus pandemic. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization...
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,1...
Oracle Kills 402 Bugs in Massive October Patch Update
Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update (CPU), which fixes 402 vulnerabilities across various product families. Well over half (272) of these vulnerabilities open products up to remote exploitation withou...
Apache Struts Warns Users of Two-Year-Old Vulnerability
The Apache Software Foundation warned in an advisory that the latest version of the Commons FileUpload library is susceptible to a two-year-old remote code execution flaw. Users of the vulnerable library must update their projects manually. The critical bug in Commons FileUpload library is a know...
AZORult Campaign Adopts Novel Triple-Encryption Technique
A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. What makes this campaign unique is...
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication, meaning it may be exploited over a network without...
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix. The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange,...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency (NSA), which released a “top 25”...
Cisco Warns of High-Severity Bug in Small Business Switch Lineup
Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...
Android-Based Sony Smart-TVs Open to Image Pilfering
Two vulnerabilities in Android-based smart-TVs from Sony, including the flagship Bravia line, could allow attackers to access WiFi passwords and images stored on the devices. The bugs exist in the Photo Sharing Plus feature of Sony smart-TVs going back to 2015. They were uncovered by xen1thLabs i...
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous...
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...
FBI: APTs Actively Exploiting Fortinet VPN Bugs
The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According t...
Cartoon Network Hacked Worldwide to Show Brazilian Stripper Videos
A famous Brazilian male stripper greeted Cartoon Network viewers worldwide when they tried to stream shows over the weekend – thanks to a pair of hackers that took aim at the cable network’s websites across 16 different regions. In the aftermath, entire Cartoon Network sites and video players hav...
Raccoon Stealer Crawls Into Telegram
A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appear...
Actively Exploited Windows Zero-Day Gets a Patch
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17...
CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
In a perfect world, CISA would laminate cards with the year’s top 30 vulnerabilities: You could whip it out and ask a business if they’ve bandaged these specific wounds before you hand over your cash. This is not a perfect world. There are no laminated vulnerability cards. But at least we have th...
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, accordin...
2 Million IoT Devices Vulnerable to Complete Takeover
Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer (P2P) communication technolo...
Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities
Multiple vulnerabilities in the firmware used by the Yi Technology Home Camera version 27US have been found, which could allow remote code-execution on the connected devices. The Yi Home Camera i27US is one of the newer IoT camera models sold in the U.S. It’s an entry-level gadget, which lets...
Critical RCE Bugs Patched in Drupal 7 and 8
Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...
Microsoft Exchange Server Bugs Exploited by ‘Cuba’ Ransomware Gang
The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August,...
Thousands of Applications Vulnerable to RCE via jQuery File Upload
A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 different software applications at risk for compromise and remote code-execution (RCE). jQuery File Upload is a user-contributed open-source package for software developer...
SonicWall ‘Botches’ October Patch for VPN Bug
UPDATE An October patch for a critical remote code execution (RCE) bug in a SonicWall VPN appliance turned out to be insufficient. While the patch closed the RCE attack vector, more than 800,000 devices were still vulnerable to an additional memory-leak flaw for months, according to researchers...
Known Citrix Workspace Bug Open to New Attack Vector
A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug (CVE-2020-8207) exists in the automatic update service of the...
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers. Google Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, reporting a...
Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems
More than 100,000 Windows systems have not yet been updated to protect against a previously-patched, critical and wormable flaw in Windows called SMBGhost. Microsoft patched the remote code-execution (RCE) flaw, tracked as CVE-2020-0796, back in March; it affects Windows 10 and Windows Server 201...
PortSmash Side Channel Attack Siphons Data From Intel, Other CPUs
Yet another side-channel attack, this time dubbed PortSmash, has been discovered in CPUs. The attack allows attackers to manipulate a glitch in the simultaneous multithreading (SMT) architecture used in CPUs — and siphon processed data from chips. Several attacks have popped up over the past year...
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years – in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. The attack is still in operation as of this writing – and due to the...
APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
UPDATE A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. It could also open the door to remote code execution (RCE), researchers said. The flaw (CVE-2020-5135) is a stack-based buffer overflow in the SonicWall...
iPhone Bug Allowed for Complete Device Takeover Over the Air
Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within...
AWS FreeRTOS Bugs Allow Compromise of IoT Devices
Researchers have found that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities. The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems, leak information from the devices’ memory, and take...
Working BlueKeep Exploit Developed by DHS
The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...
Adaptable, All-in-One Android Trojan Shows the Future of Malware
A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...
Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign
An ongoing surveillance operation has been uncovered that targets a Southeast Asian government, researchers said – using a previously unknown espionage malware. According to Check Point Research, the attack involves spear-phishing emails with malicious Word documents to gain initial access, along...
Debunking AI’s Impact on the Cybersecurity Skills Gap
Artificial intelligence is the latest buzzword to take hold of the cybersecurity industry. It is being touted, among other things, as the ultimate solution to the cybersecurity skills gap. But just how accurate is this belief? Will AI be the cure to all of our cybersecurity ailments, as human...
Researchers Compromise Netflix Content in Widevine DRM Hack
Researchers have used a proof-of-concept (PoC) side-channel attack to download an unencrypted raw file for Netflix’ Stranger Things, in a format that’s ready to distribute out to any buyer on the internet. This pirate’s booty is the result of breaking open the widely deployed digital rights...
Windows PoC Exploit Released for Wormable RCE
A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...
PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware
A stealthy malware delivery tactic has been uncovered in the way videos are embedded into Microsoft Word Documents, according to researchers. It allows JavaScript code-execution when a user clicks on a weaponized YouTube video thumbnail within a Word document – with no alert message displayed by...
Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Bug
UPDATE Apple tackled a bevy of vulnerabilities across all its platforms Tuesday, including one that allowed a remote attacker to initiate a FaceTime call by exploiting a bug in some model iPhones, iPads, and iPad Air devices. The wide-ranging security fixes came on the same day Apple announced a...
Adult Website Hack Exposes 1.2M ‘Wife Lover’ Fans
The database underlying an erotica site known as Wife Lovers has been hacked, making off with user information protected only by a simple-to-crack, outdated hashing technique known as the DEScrypt algorithm. Over the weekend, it came to light that Wife Lovers and seven sister sites, all similarly...
KP Snacks Left with Crumbs After Ransomware Attack
KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British company also the purveyor of deeply English treats such as Skips prawn cocktail...
ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach
About a fifth of Americans would ditch a business in the wake of a major data breach, new research has found. In a survey of 2,000 adult consumers across the United States by PCI Pal, almost half (44 percent) of them have personally suffered the negative consequences of a security breach or hack. S...
Microsoft Patches Zero-Day Bug Under Active Attack
Microsoft has released a patch for an elevation-of-privileges vulnerability rated important, which is being exploited in the wild. The bug fix is part of Microsoft’s May Patch Tuesday Security Bulletin. It’s tied to the Windows Error Reporting feature and is being abused by attackers who have...
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...
Cisco Network Security Flaw Leaks Sensitive Data
A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of...
Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...
Popular ThemeREX WordPress Plugin Opens Websites to RCE
A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...