Top

Category: Vulnerabilities


Threats & Malware, Vulnerabilities

TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability

June 5, 2024

Via: The Register

Miscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation. We can […]


Threats & Malware, Vulnerabilities

How Apple Wi-Fi Positioning System can be abused to track people around the globe

May 23, 2024

Via: The Register

Academics have suggested that Apple’s Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, “Surveilling the Masses with Wi-Fi-Based Positioning Systems,” Erik Rye, a PhD student at the University of Maryland (UMD) […]


Threats & Malware, Vulnerabilities

NCSC CTO: Broken market must be fixed to usher in new tech

May 16, 2024

Via: The Register

National Cyber Security Centre (NCSC) CTO Ollie Whitehouse kicked off day two of Britain’s cyber watchdog’s annual shindig, CYBERUK, with a tirade about the tech market, pulling it apart to demonstrate why he believes it’s at fault for many of […]


Threats & Malware, Vulnerabilities

NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities

May 14, 2024

Via: The Register

The UK’s NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited. Originally disclosed in March, the three vulnerabilities all had proof of concept (PoC) exploit code released the day after […]


Threats & Malware, Vulnerabilities

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

May 8, 2024

Via: Security Affairs

Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially […]


Threats & Malware, Vulnerabilities

Massive security hole in VPNs shows their shortcomings as a defensive measure

May 8, 2024

Via: CSO Online

Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. A massive security hole in virtual private networks (VPNs) reported this week highlights the […]


Threats & Malware, Vulnerabilities

Chinese government website security is often worryingly bad, say Chinese researchers

May 3, 2024

Via: The Register

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week. The authors, all from the Harbin Institute of […]


Threats & Malware, Vulnerabilities

Google fixed critical Chrome vulnerability CVE-2024-4058

April 25, 2024

Via: Security Affairs

Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute […]


Threats & Malware, Vulnerabilities

MITRE says it was hit by hackers exploiting Ivanti flaws

April 22, 2024

Via: TechRadar

The not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, […]


Threats & Malware, Vulnerabilities

The importance of the Vulnerability Operations Centre for cybersecurity

April 19, 2024

Via: TechRadar

Traditional cybersecurity is laser-focused on incident detection and response. In other words, it’s built around a Security Operations Centre (SOC). That’s no bad thing in itself. Read between the lines, however, and that assumes we’re waiting on the threats to […]


Hacker, Threats & Malware, Vulnerabilities

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

April 18, 2024

Via: The Hacker News

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That’s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the […]


Threats & Malware, Vulnerabilities

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories

April 17, 2024

Via: The Register

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed. In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, […]


Threats & Malware, Vulnerabilities

Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024

Via: Security Week

Tracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances. “A command injection vulnerability in the GlobalProtect […]


Threats & Malware, Vulnerabilities

Microsoft fixed two zero-day bugs exploited in malware attacks

April 11, 2024

Via: Security Affairs

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]


Threats & Malware, Vulnerabilities

Windows 10 latest update is broken and riddled with bugs – with no fix in sight

April 9, 2024

Via: TechRadar

Back in January, we reported on a small security update patch for Windows 10 that brought on a lot of headaches for IT admins and brought on a veritable cavalcade of error codes. Microsoft promised a fix was in the […]


Threats & Malware, Vulnerabilities

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

April 9, 2024

Via: Security Affairs

Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on […]


Threats & Malware, Vulnerabilities

Hugging Face says it fixed some worrying security issues, moves to boost online protection

April 8, 2024

Via: TechRadar

Multiple generative AI models uploaded to Hugging Face were found to be vulnerable in a way that allowed threat actors to run malicious code and extract sensitive user information. This is according to a new report from the cloud security […]


Mobile, Mobile security, Threats & Malware, Vulnerabilities

Google Patches Exploited Pixel Vulnerabilities

April 3, 2024

Via: Security Week

The exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware, Google notes in its advisory. The internet giant says it has indications that these two security defects “may be under limited, targeted exploitation,” without providing specific details […]


Cyber-crime, Malware, Threats & Malware, Vulnerabilities

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

March 20, 2024

Via: Security Affairs

Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers […]


Threats & Malware, Vulnerabilities

New Attack Shows Risks of Browsers Giving Websites Access to GPU 

March 18, 2024

Via: Security Week

The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the […]