Threats & Malware, Vulnerabilities
March 14, 2024
Via: The Hacker NewsFortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]
Application security, Security
February 8, 2024
Via: The RegisterMemory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they’re not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won’t fix […]
Threats & Malware, Virus & Malware
February 8, 2024
Via: The RegisterLastPass says a rogue application impersonating its popular password manager made it past Apple’s gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. The software maker went public about the fake mobile app […]
December 8, 2023
Via: The RegisterA trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors. Newag, a Polish train maker, emphatically denied that it installed such software […]
December 7, 2023
Via: TechRadarWhatsApp is officially giving users the ability to send out temporary voice messages to their contacts. We say “officially” because this feature has actually been around for the past two months or so although it was in a beta state. […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The RegisterAtlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren’t live for all readers at the time of despatch. The email, seen by The Register, […]
September 20, 2023
Via: The RegisterThe ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data. China’s […]
Threats & Malware, Virus & Malware
July 21, 2023
Via: The Hacker NewsA new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. “HotRat malware equips attackers with a wide array […]
Threats & Malware, Vulnerabilities
June 26, 2023
Via: SecurityWeekTracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, these high-severity issues could be exploited to exhaust the available memory, or could cause named – BIND’s daemon that functions both as a recursive resolver and as an authoritative name server – to crash. […]
Threats & Malware, Virus & Malware
June 23, 2023
Via: The RegisterMalware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint. The software nasty comes from a group called Camaro Dragon that Checkpoint’s researchers on Thursday suggested conduct campaigns similar to those run […]
Application security, Security
June 22, 2023
Via: The Hacker NewsMillions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday […]
Threats & Malware, Virus & Malware
June 7, 2023
Via: The Hacker NewsThe Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry’s landscape is made up of approximately 10-20 core […]
Threats & Malware, Virus & Malware
May 31, 2023
Via: The Hacker NewsThe threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void […]
Threats & Malware, Vulnerabilities
May 30, 2023
Via: The Hacker NewsIn this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and […]
Application security, Security
May 30, 2023
Via: The Hacker NewsMultiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different […]
April 24, 2023
Via: The Hacker NewsThreat actors are employing a previously undocumented “defense evasion tool” dubbed AuKill that’s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. “The AuKill tool abuses an outdated version […]
Threats & Malware, Vulnerabilities
April 12, 2023
Via: SecurityWeekOf the 24 notes included in SAP’s security updates (PDF), five are rated ‘hot news’, the highest severity rating. Two of these are new notes and three are updates to previously released security notes. The most important of the new […]
Application security, Security
April 11, 2023
Via: The Hacker NewsCybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late […]
March 7, 2023
Via: The Hacker NewsThe massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what’s a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service […]
Threats & Malware, Vulnerabilities
February 1, 2023
Via: The Hacker NewsTwo more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings […]