Threats & Malware, Vulnerabilities
July 24, 2024
Via: SecurityWeekThere have been so many hot takes about the CrowdStrike disaster that I don’t feel any need to add mine. But when you see what Delta Airlines is *still* doing to passengers some five days after this one piece of […]
Threats & Malware, Vulnerabilities
July 10, 2024
Via: Help Net SecurityCVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Point Research […]
Threats & Malware, Vulnerabilities
July 5, 2024
Via: The RegisterKeen meatheads better hope they haven’t angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks. With summer in full swing in the northern hemisphere, […]
Threats & Malware, Vulnerabilities
July 2, 2024
Via: TechRadarOpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned. A report from Qualys claims the […]
Threats & Malware, Vulnerabilities
June 26, 2024
Via: The RegisterThought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway. Progress Software initially contacted users on June 13 […]
Threats & Malware, Vulnerabilities
June 25, 2024
Via: The RegisterUS cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are […]
Threats & Malware, Vulnerabilities
June 21, 2024
Via: The RegisterKraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more. […]
Threats & Malware, Vulnerabilities
June 19, 2024
Via: TechRadarSecurity researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling […]
Threats & Malware, Vulnerabilities
June 19, 2024
Via: The Hacker NewsCrypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security […]
Threats & Malware, Vulnerabilities
June 18, 2024
Via: The RegisterVMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites. Announced late on Monday night, Pacific Time, the critical-rated […]
Threats & Malware, Vulnerabilities
June 5, 2024
Via: The RegisterMiscreants exploited a zero-day in TikTok to compromised the accounts of CNN and other big names. The app maker has confirmed there was a cyberattack, and that it has scrambled to secure accounts and prevent any further exploitation. We can […]
Threats & Malware, Vulnerabilities
May 23, 2024
Via: The RegisterAcademics have suggested that Apple’s Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, “Surveilling the Masses with Wi-Fi-Based Positioning Systems,” Erik Rye, a PhD student at the University of Maryland (UMD) […]
Threats & Malware, Vulnerabilities
May 16, 2024
Via: The RegisterNational Cyber Security Centre (NCSC) CTO Ollie Whitehouse kicked off day two of Britain’s cyber watchdog’s annual shindig, CYBERUK, with a tirade about the tech market, pulling it apart to demonstrate why he believes it’s at fault for many of […]
Threats & Malware, Vulnerabilities
May 14, 2024
Via: The RegisterThe UK’s NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited. Originally disclosed in March, the three vulnerabilities all had proof of concept (PoC) exploit code released the day after […]
Threats & Malware, Vulnerabilities
May 8, 2024
Via: Security AffairsResearchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially […]
Threats & Malware, Vulnerabilities
May 8, 2024
Via: CSO OnlineResearchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. A massive security hole in virtual private networks (VPNs) reported this week highlights the […]
Threats & Malware, Vulnerabilities
May 3, 2024
Via: The RegisterFive Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week. The authors, all from the Harbin Institute of […]
Threats & Malware, Vulnerabilities
April 25, 2024
Via: Security AffairsGoogle addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute […]
Threats & Malware, Vulnerabilities
April 22, 2024
Via: TechRadarThe not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, […]
Threats & Malware, Vulnerabilities
April 19, 2024
Via: TechRadarTraditional cybersecurity is laser-focused on incident detection and response. In other words, it’s built around a Security Operations Centre (SOC). That’s no bad thing in itself. Read between the lines, however, and that assumes we’re waiting on the threats to […]