Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
Threats & Malware, Vulnerabilities
January 30, 2023
Via: The Hacker NewsResearchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have […]
January 5, 2023
Via: Security WeekRackspace told the media that a previously unknown exploit was used to gain access to its network and steal data. The incident apparently involved a customer’s credentials getting compromised, which gave the attackers access to one of its servers on […]
Threats & Malware, Vulnerabilities
August 18, 2022
Via: Help Net SecurityApple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild. About the vulnerabilities (CVE-2022-32894, CVE-2022-32893) CVE-2022-32894 is out-of-bounds write issue in the operating systems’ […]
Threats & Malware, Vulnerabilities
May 31, 2022
Via: Help Net SecurityA newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a security related issue”, Microsoft has now issued a […]
Application security, Security, Threats & Malware, Vulnerabilities
April 5, 2022
Via: Help Net SecuritySpring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in attacks in the wild. Attackers in the wild […]
Threats & Malware, Vulnerabilities
April 5, 2022
Via: Help Net SecurityIt’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts to deploy […]
Threats & Malware, Vulnerabilities
March 31, 2022
Via: Help Net SecuritySecurity teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online. Thanks […]
Threats & Malware, Vulnerabilities
March 8, 2022
Via: Help Net SecurityAn easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellermann, the flaw – which […]
Cyber-crime, Malware, Phishing
February 9, 2022
Via: Help Net SecurityRDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 […]
Cyber-crime, Malware, Threats & Malware, Vulnerabilities
December 22, 2021
Via: Help Net SecuritySophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file format. The attackers took a publicly available proof-of-concept Office exploit and weaponized it to […]
Application security, Security, Threats & Malware, Vulnerabilities
May 29, 2020
Via: Hot for SecurityNew research from Veracode found that most applications use open-source libraries that also present vulnerabilities, but the distribution of such libraries depends on the programming languages used. Open-source libraries are ubiquitous, but they are not limited to integration into open-source […]
January 13, 2020
Via: Security AffairsLast week Facebook has addressed a security issue that exposed page admin accounts, the bug was exploited in attacks in the wild against several high-profile pages. The page admin accounts are anonymous unless the Page owner opts to make the […]
October 24, 2019
Via: Help Net SecurityMost cyber attacks start with a social engineering attempt and, most often that not, it takes the form of a phishing email. It’s easy to understand the popularity of this attack vector: phishing campaigns are relatively inexpensive (money- and time-wise), […]
October 4, 2019
Via: Hot for SecurityA new zero-day vulnerability was identified in the vanilla Android operating system, affecting a large number of users and devices. The exploit has likely already been used in the wild by the NSO Group, an Israeli-based security company known for […]
Threats & Malware, Vulnerabilities
August 22, 2019
Via: Help Net SecurityCisco has fixed over 30 vulnerabilities in various solutions, including Cisco UCS Director, Cisco UCS Director Express for Big Data, Cisco IMC Supervisor, and the Cisco 220 Series smart switches. Cisco 220 Series exploit Users of Cisco UCS Director and […]
July 29, 2019
Via: Threat PostThe nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with […]
July 3, 2019
Via: Dark ReadingA wave of new MacOS malware over the past month includes a zero-day exploit and other attack code. A wave of malware targeting MacOS over the past month has raised the profile of the operating system once advertised as much […]
Malware, Virus & Malware, Vulnerabilities
May 13, 2019
Via: Security WeekA critical vulnerability in Microsoft’s SharePoint collaboration platform has been exploited in the wild to deliver malware. The security hole, tracked as CVE-2019-0604, got its first patch in February and another one in March after the first fix turned out […]
April 24, 2019
Via: Threat PostActive exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk. The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting (XSS) vulnerability and […]