Hacker, Threats & Malware, Vulnerabilities
April 18, 2024
Via: The Hacker NewsThreat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That’s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the […]
Threats & Malware, Vulnerabilities
April 8, 2024
Via: TechRadarMultiple generative AI models uploaded to Hugging Face were found to be vulnerable in a way that allowed threat actors to run malicious code and extract sensitive user information. This is according to a new report from the cloud security […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
April 3, 2024
Via: Security WeekThe exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware, Google notes in its advisory. The internet giant says it has indications that these two security defects “may be under limited, targeted exploitation,” without providing specific details […]
Cyber-crime, Malware, Threats & Malware, Vulnerabilities
March 20, 2024
Via: Security AffairsTrend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers […]
September 11, 2023
Via: Help Net SecuritySending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The issues […]
August 22, 2023
Via: The Hacker NewsSoftware services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: […]
Threats & Malware, Vulnerabilities
May 19, 2023
Via: The Hacker NewsApple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed […]
Threats & Malware, Vulnerabilities
May 18, 2023
Via: CSO OnlineCisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices […]
Threats & Malware, Virus & Malware
February 17, 2023
Via: The Hacker NewsA new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto […]
Threats & Malware, Vulnerabilities
February 15, 2023
Via: Security WeekThe most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a […]
Threats & Malware, Vulnerabilities
February 9, 2023
Via: The Hacker NewsA set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. “Threat actors […]
February 7, 2023
Via: The Hacker NewsThreat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote […]
Threats & Malware, Vulnerabilities
January 18, 2023
Via: The Hacker NewsSecurity vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact […]
Threats & Malware, Vulnerabilities
January 18, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens […]
Threats & Malware, Vulnerabilities
January 17, 2023
Via: The Hacker NewsFour different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December […]
Threats & Malware, Vulnerabilities
January 12, 2023
Via: The Hacker NewsA recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being […]
Threats & Malware, Vulnerabilities
January 6, 2023
Via: Security WeekQualcomm announced this week the availability of patches for a dozen vulnerabilities, including five connectivity- and boot-related issues discovered by researchers at firmware security company Binarly. Alex Matrosov, founder and CEO of Binarly, told SecurityWeek that they discovered a total […]
Threats & Malware, Vulnerabilities
January 4, 2023
Via: The Hacker NewsQualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also impact Lenovo ThinkPad […]
Threats & Malware, Vulnerabilities
January 4, 2023
Via: The Hacker NewsSynology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and […]
Threats & Malware, Vulnerabilities
December 28, 2022
Via: CSO OnlineThe Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its […]