Tag: Exploit


Threats & Malware, Vulnerabilities

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

September 8, 2023

Via: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]


Threats & Malware, Vulnerabilities

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

January 30, 2023

Via: The Hacker News

Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have […]


Cyber-crime, Identity theft

Play Ransomware Group Used New Exploitation Method in Rackspace Attack

January 5, 2023

Via: Security Week

Rackspace told the media that a previously unknown exploit was used to gain access to its network and steal data. The incident apparently involved a customer’s credentials getting compromised, which gave the attackers access to one of its servers on […]


Threats & Malware, Vulnerabilities

Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)

August 18, 2022

Via: Help Net Security

Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild. About the vulnerabilities (CVE-2022-32894, CVE-2022-32893) CVE-2022-32894 is an out-of-bounds write issue in the operating systems’ […]


Threats & Malware, Vulnerabilities

Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)

May 31, 2022

Via: Help Net Security

A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a security related issue”, Microsoft has now issued a […]


Application security, Security, Threats & Malware, Vulnerabilities

Log4Shell exploitation: Which applications may be targeted next?

April 5, 2022

Via: Help Net Security

Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in attacks in the wild. Attackers in the wild […]


Threats & Malware, Vulnerabilities

CISA adds Spring4Shell to list of exploited vulnerabilities

April 5, 2022

Via: Help Net Security

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts to deploy […]


Threats & Malware, Vulnerabilities

Spring4Shell: No need to panic, but mitigations are advised

March 31, 2022

Via: Help Net Security

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online. Thanks […]


Threats & Malware, Vulnerabilities

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

March 8, 2022

Via: Help Net Security

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellermann, the flaw – which […]


Cyber-crime, Malware, Phishing

End of 2021 witnessed an explosion of RDP brute-force attacks

February 9, 2022

Via: Help Net Security

RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 […]


Cyber-crime, Malware, Threats & Malware, Vulnerabilities

Attackers bypass Microsoft patch to deliver Formbook malware

December 22, 2021

Via: Help Net Security

Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file format. The attackers took a publicly available proof-of-concept Office exploit and weaponized it to […]


Application security, Security, Threats & Malware, Vulnerabilities

Most Apps Use Vulnerable Open-Source Libraries, Veracode Research Shows

May 29, 2020

Via: Hot for Security

New research from Veracode found that most applications use open-source libraries that also present vulnerabilities, but the distribution of such libraries depends on the programming languages used. Open-source libraries are ubiquitous, but they are not limited to integration into open-source […]


Network security

Facebook quickly fixed a bug exploited in attacks that exposed Page Admins info

January 13, 2020

Via: Security Affairs

Last week Facebook addressed a security issue that exposed page admin accounts; the bug was exploited in attacks in the wild against several high-profile pages. The page admin accounts are anonymous unless the Page owner opts to make the […]


Email security, Phishing

Phishing attacks are a complex problem that requires layered solutions

October 24, 2019

Via: Help Net Security

Most cyber attacks start with a social engineering attempt and, more often than not, it takes the form of a phishing email. It’s easy to understand the popularity of this attack vector: phishing campaigns are relatively inexpensive (money- and time-wise), […]


Mobile, Mobile security

Android 0-Day exploit granting attackers root access found running in the wild

October 4, 2019

Via: Hot for Security

A new zero-day vulnerability was identified in the vanilla Android operating system, affecting a large number of users and devices. The exploit has likely already been used in the wild by the NSO Group, an Israeli-based security company known for […]


Threats & Malware, Vulnerabilities

Cisco warns about public exploit code for critical flaws in its 220 Series smart switches

August 22, 2019

Via: Help Net Security

Cisco has fixed over 30 vulnerabilities in various solutions, including Cisco UCS Director, Cisco UCS Director Express for Big Data, Cisco IMC Supervisor, and the Cisco 220 Series smart switches. Cisco 220 Series exploit Users of Cisco UCS Director and […]


Vulnerabilities

Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep

July 29, 2019

Via: Threat Post

The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with […]


Cyber-crime, Malware

New MacOS Malware Discovered

July 3, 2019

Via: Dark Reading

A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code. A wave of malware targeting MacOS over the past month has raised the profile of the operating system once advertised as much […]


Malware, Virus & Malware, Vulnerabilities

Microsoft SharePoint Vulnerability Exploited in the Wild

May 13, 2019

Via: Security Week

A critical vulnerability in Microsoft’s SharePoint collaboration platform has been exploited in the wild to deliver malware. The security hole, tracked as CVE-2019-0604, got its first patch in February and another one in March after the first fix turned out […]


Vulnerabilities

Exploits for Social Warfare WordPress Plugin Reach Critical Mass

April 24, 2019

Via: Threat Post

Active exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk. The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting (XSS) vulnerability and […]