exploit

State-sponsored APTs are leveraging WinRAR bug

18/10/2023 at 18:21 By Zeljka Zorz

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 was patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals […]


Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

18/10/2023 at 17:18 By Helga Labus

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.

About CVE-2023-4966

Citrix’s security advisory, published on October 10, says that the vulnerability


DIY attack surface management: Simple, cost-effective and actionable perimeter insights

16/10/2023 at 11:46 By Help Net Security

Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only


Stars Arena recovers 90% of stolen funds after offering $257K bounty

12/10/2023 at 05:02 By Cointelegraph By Jesse Coghlan

The exploiter of the Web3 social media platform agreed to keep a 10% bounty in exchange for returning the remainder of the stolen funds.

This article is an excerpt from Cointelegraph.com News.


Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

11/10/2023 at 14:18 By Helga Labus

A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed.

About the vulnerability

CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data


Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

10/10/2023 at 19:07 By Ionut Arghire

A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.

The post Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal appeared first on SecurityWeek.


Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

09/10/2023 at 13:01 By Zeljka Zorz

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they


Friend.tech copycat StarsArena patches exploit after some funds were drained

05/10/2023 at 21:02 By Cointelegraph By Tom Blackstone

StarsArena announced that attackers were draining funds through a loophole, but the contract has been patched to prevent further damage.

This article is an excerpt from Cointelegraph.com News.


Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

04/10/2023 at 10:03 By Cointelegraph By Jesse Coghlan

In a short period of time, four friend.tech users reported their accounts were compromised and drained after hackers seized control of their mobile numbers.

This article is an excerpt from Cointelegraph.com News.


Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

28/09/2023 at 15:32 By Ionut Arghire

Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.

The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek.


High number of security flaws found in EMEA-developed apps

27/09/2023 at 07:47 By Help Net Security

Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’


Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

25/09/2023 at 13:32 By Eduard Kovacs

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.

The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.


Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

08/09/2023 at 11:46 By Zeljka Zorz

Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit


3 ways to strike the right balance with generative AI

07/09/2023 at 08:02 By Help Net Security

To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI.

Implement role-based access control

In the context of generative AI, having properly defined user


Old vulnerabilities are still a big problem

06/09/2023 at 17:01 By Zeljka Zorz

A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,


Atlas VPN zero-day allows sites to discover users’ IP address

05/09/2023 at 20:47 By Zeljka Zorz

Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several


Connected cars and cybercrime: A primer

05/09/2023 at 08:02 By Help Net Security

Original equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially harmful. Analysis


Ransomware group exploits Citrix NetScaler systems for initial access

29/08/2023 at 14:50 By Helga Labus

A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using


PoC for no-auth RCE on Juniper firewalls released

28/08/2023 at 13:32 By Zeljka Zorz

Researchers have released additional details about the four recently patched vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.

Junos OS vulnerabilities and fixes

Earlier this month,


WinRAR patches zero-day bug that targeted stock and crypto traders

25/08/2023 at 08:04 By Cointelegraph By Martin Young

According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise.

This article is an excerpt from Cointelegraph.com News.
