Threats & Malware, Vulnerabilities
October 5, 2023
Via: Help Net Security
A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911: Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in […]
Threats & Malware, Vulnerabilities
June 2, 2023
Via: The Hacker News
A critical flaw in Progress Software’s MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a […]
Threats & Malware, Virus & Malware
March 14, 2023
Via: The Register
Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]
Application security, Security
March 7, 2023
Via: The Hacker News
An older version of Shein’s Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
October 31, 2022
Via: The Hacker News
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug […]
Threats & Malware, Vulnerabilities
October 26, 2022
Via: TechRadar
Another week, another Windows 11 22H2 bug – and once again it’s Nvidia graphics cards bearing the brunt of the issues. After an update-induced frame rate problem was recently patched by Nvidia, Reddit users are now reporting yet more performance-related […]
Threats & Malware, Vulnerabilities
October 14, 2022
Via: Security Affairs
The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted. The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2. […]
Threats & Malware, Vulnerabilities
October 12, 2022
Via: TechRadar
A high-severity vulnerability discovered almost a year ago in VMware vCenter Server 8.0 has not yet been patched, the company has confirmed. The flaw, tracked as CVE-2021-22048, is described as a privilege escalation vulnerability, and allows non-admin […]
Application security, Security
August 31, 2022
Via: Dark Reading
A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]
August 30, 2022
Via: The Hacker News
Akasa Air, India’s newest commercial airline, exposed personal data belonging to its customers, which the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to […]
January 18, 2021
Via: Security Affairs
The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers. The duo started focusing on Apple’s infrastructure in an attempt to emulate the success of a team […]
Threats & Malware, Vulnerabilities
April 24, 2020
Via: Security Affairs
Mozilla announced some major changes to its bug bounty program that was first launched in 2004. The organization paid out $965,750 for roughly 350 vulnerabilities; the average payout for each issue was approximately $2,700. Now Mozilla has increased the maximum […]
January 13, 2020
Via: Security Affairs
Last week Facebook addressed a security issue that exposed page admin accounts; the bug was exploited in attacks in the wild against several high-profile pages. The page admin accounts are anonymous unless the Page owner opts to make the […]
December 16, 2019
Via: Threat Post
Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm […]
Mobile, Security, Vulnerabilities
September 25, 2019
Via: Threat Post
Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and […]
August 26, 2019
Via: Threat Post
Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code […]
Mobile security, Vulnerabilities
August 15, 2019
Via: Threat Post
Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched. The most […]
Threats & Malware, Vulnerabilities
August 14, 2019
Via: Naked Security
Microsoft’s Patch Tuesday brought some very bad news yesterday: more wormable RDP vulnerabilities, this time affecting Windows 10 users. CVE-2019-1181 and -1182 are critical vulnerabilities in Remote Desktop Services (formerly Windows Terminal) that are wormable – similar to the BlueKeep […]
Cyber-crime, Email security, Malware, Security, Vulnerabilities
June 11, 2019
Via: Threat Post
Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882 vulnerability […]
Threats & Malware, Vulnerabilities
May 7, 2019
Via: Threat Post
Thanks to Mozilla letting an intermediate signing certificate expire, the Tor community was thrown into disarray over the weekend when the NoScript security add-on was suddenly killed for both Firefox and the Tor browser. A fix is available for Firefox, […]