Threats & Malware, Virus & Malware
July 11, 2024
Via: The RegisterYet another new ransomware gang, this one dubbed EstateRansomware, is now exploiting a Veeam vulnerability that was patched more than a year ago to deploy file-encrypting malware, a LockBit variant, and extort payments from victims. Veeam fixed the flaw, tracked […]
Threats & Malware, Vulnerabilities
July 5, 2024
Via: The RegisterKeen meatheads better hope they haven’t angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks. With summer in full swing in the northern hemisphere, […]
Threats & Malware, Vulnerabilities
July 2, 2024
Via: TechRadarOpenSSH, regarded as one of the “most secure software implementations in the world” has a “glaring gap” that allows threat actors to completely take over Linux systems that have it installed, experts have warned. A report from Qualys claims the […]
July 1, 2024
Via: The RegisterGlibc-based Linux systems are vulnerable to a new bug (CVE-2024-6387) in OpenSSH’s server (sshd) and should upgrade to the latest version. Infosec researchers at Qualys published their findings today, revealing that sshd is vulnerable to a race condition that could […]
Threats & Malware, Vulnerabilities
June 21, 2024
Via: The RegisterKraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, expoliting it to steal millions in digital cash, then using stolen funds to extort the exchange for more. […]
Threats & Malware, Vulnerabilities
June 19, 2024
Via: TechRadarSecurity researchers recently claimed to have found a flaw that could allow threat actors to spoof Microsoft corporate emails. A cybersecurity researcher with the alias Slonser (full name Vsevolod Kokorin, according to TechCrunch) recently posted on X with a telling […]
Threats & Malware, Vulnerabilities
June 18, 2024
Via: The RegisterVMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites. Announced late on Monday night, Pacific Time, the critical-rated […]
June 13, 2024
Via: The RegisterThe Netherlands’ cybersecurity agency (NCSC) says the previously reported attack on the country’s Ministry of Defense (MoD) was far more extensive than previously thought. The NCSC first published details of a Chinese state-sponsored malware campaign in February, but has continued […]
Threats & Malware, Vulnerabilities
May 8, 2024
Via: Security AffairsResearchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially […]
Threats & Malware, Vulnerabilities
May 8, 2024
Via: CSO OnlineResearchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. A massive security hole in virtual private networks (VPNs) reported this week highlights the […]
Threats & Malware, Vulnerabilities
April 25, 2024
Via: Security AffairsGoogle addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute […]
Threats & Malware, Vulnerabilities
April 12, 2024
Via: Security WeekTracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances. “A command injection vulnerability in the GlobalProtect […]
Threats & Malware, Vulnerabilities
March 14, 2024
Via: The Hacker NewsFortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]
Threats & Malware, Vulnerabilities
March 8, 2024
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: […]
Threats & Malware, Vulnerabilities
February 15, 2024
Via: The RegisterVideo conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation […]
February 13, 2024
Via: The RegisterMeta has acknowledged that phone number reuse that allows takeovers of its accounts “is a concern,” but the ad biz insists the issue doesn’t qualify for its bug bounty program and is a matter for telecom companies to sort out. […]
Threats & Malware, Virus & Malware
February 8, 2024
Via: The RegisterA cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million. Noah Roskin-Frazee and Keith Latteri are alleged to have gained access to Apple’s systems via […]
Threats & Malware, Vulnerabilities
February 7, 2024
Via: The RegisterJetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows […]
Threats & Malware, Vulnerabilities
February 2, 2024
Via: The RegisterMastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. With a 9.4 severity score, exploiting CVE-2024-23832 potentially allows attackers to take over Mastodon accounts remotely. While […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: The RegisterSecurity researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]