Threats & Malware, Vulnerabilities
January 31, 2024
Via: The RegisterSecurity researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]
Threats & Malware, Vulnerabilities
January 30, 2024
Via: The RegisterJuniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]
Threats & Malware, Vulnerabilities
January 25, 2024
Via: Naked SecurityIn July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: The RegisterSecurity experts are wasting no time in publishing working exploits for a critical vulnerability in Fortra GoAnywhere MFT, which was publicly disclosed just over a day ago. Customers were first advised by Fortra on the mitigations for the critical authentication […]
Threats & Malware, Vulnerabilities
January 24, 2024
Via: SecureWorldOn January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC’s X account claiming the approval had been granted. This triggered a surge in Bitcoin’s price […]
Threats & Malware, Vulnerabilities
January 16, 2024
Via: The RegisterGitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to […]
Threats & Malware, Vulnerabilities
January 16, 2024
Via: The RegisterVMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection […]
Threats & Malware, Vulnerabilities
January 9, 2024
Via: The RegisterMicrosoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, […]
Threats & Malware, Vulnerabilities
January 2, 2024
Via: Security AffairsSecurity researchers from Ruhr University Bochum (Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk) discovered a vulnerability, called Terrapin (CVE-2023-48795, CVSS score 5.9), in the Secure Shell (SSH) cryptographic network protocol. An attacker can trigger the flaw to downgrade the connection’s security […]
Threats & Malware, Vulnerabilities
December 27, 2023
Via: TechRadarEvery year since its inception, hackers have stolen more cryptocurrencies than the previous year, until 2023, new research has claimed. Data presented on the REKT platform, which keeps track of all the different crypto-related hacks and thefts, says that in […]
Threats & Malware, Vulnerabilities
December 21, 2023
Via: The RegisterSecurity vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code. The vulnerability, tracked as CVE-2023-50164, is rated 9.8 out of 10 […]
Threats & Malware, Vulnerabilities
December 20, 2023
Via: The RegisterA vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people’s connections, if conditions are right. In a successful man-in-the-middle attack, the adversary may be able to force SSH clients to use […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: The RegisterFour vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: SecureWorldThis morning, the Qualys Threat Research Unit released its 2023 Threat Landscape Year in Review report. In 2023, the Qualys Threat Research Unit (TRU) witnessed a critical trend in exploiting high-risk vulnerabilities. Its analysis reveals a startling insight into how […]
Threats & Malware, Vulnerabilities
December 15, 2023
Via: Security AffairspfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]
Threats & Malware, Vulnerabilities
December 13, 2023
Via: SecureWorldLazarus, the notorious North Korean hacking group, has once again made headlines, this time by exploiting the Log4j vulnerability, despite it being disclosed two years ago. The Log4j vulnerability, officially known as CVE-2021-44228, continues to pose significant risks to organizations […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The RegisterAtlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren’t live for all readers at the time of despatch. The email, seen by The Register, […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The RegisterA security vulnerability previously added to CISA’s Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV […]
Threats & Malware, Vulnerabilities
December 1, 2023
Via: The RegisterApple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack. The software updates for iOS, iPadOS, macOS Sonoma, and Safari web browser address two bugs: an out-of-bounds read flaw tracked […]