exploit

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

bug bounty, Chrome, Don't miss, Expert corner, exploit, Google, Google Cloud, News, virtualization /

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM 09/10/2023 at 13:01 By Zeljka Zorz Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they […]

React to this headline:

Loading spinner

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM Read More »

Friend.tech copycat StarsArena patches exploit after some funds were drained

Avalanche, exploit, Friend Tech, hack, starsarena /

Friend.tech copycat StarsArena patches exploit after some funds were drained 05/10/2023 at 21:02 By Cointelegraph By Tom Blackstone StarsArena announced that attackers were draining funds through a loophole, but the contract has been patched to prevent further damage. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Friend.tech copycat StarsArena patches exploit after some funds were drained Read More »

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

attack, attacker, exploit, Friend Tech, hack, hackers, phishing scam, SIM swap /

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week 04/10/2023 at 10:03 By Cointelegraph By Jesse Coghlan In a short period of time, four friend.tech users reported their accounts were compromised and drained after hackers seized control of their mobile numbers. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week Read More »

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

Android, exploit, iOS, Mobile & Wireless /

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits 28/09/2023 at 15:32 By Ionut Arghire Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains. The post Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits Read More »

High number of security flaws found in EMEA-developed apps

Application Security, cybercrime, cybercriminals, cybersecurity, exploit, generative AI, News, report, SCA, survey, third party compromise, Veracode, vulnerability /

High number of security flaws found in EMEA-developed apps 27/09/2023 at 07:47 By Help Net Security Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’

React to this headline:

Loading spinner

High number of security flaws found in EMEA-developed apps Read More »

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

exploit, Featured, Mobile & Wireless, spyware, Zero-Day /

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks 25/09/2023 at 13:32 By Eduard Kovacs Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.  The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks Read More »

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

0-day, apple, Don't miss, exploit, Hot stuff, iOS, macOS, News, spyware /

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit

React to this headline:

Loading spinner

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »

3 ways to strike the right balance with generative AI

access control, Artificial Intelligence, cybersecurity, data breach, Descope, Don't miss, Expert analysis, Expert corner, exploit, generative AI, Hot stuff, News, opinion, threats, training /

3 ways to strike the right balance with generative AI 07/09/2023 at 08:02 By Help Net Security To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI. Implement role-based access control In the context of generative AI, having properly defined user

React to this headline:

Loading spinner

3 ways to strike the right balance with generative AI Read More »

Old vulnerabilities are still a big problem

cybercrime, Don't miss, exploit, Fortinet, Hot stuff, Malware, News, patching, Qualys, Ransomware, vulnerability /

Old vulnerabilities are still a big problem 06/09/2023 at 17:01 By Zeljka Zorz A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,

React to this headline:

Loading spinner

Old vulnerabilities are still a big problem Read More »

Atlas VPN zero-day allows sites to discover users’ IP address

0-day, Don't miss, exploit, Hot stuff, Linux, News, VPN, vulnerability /

Atlas VPN zero-day allows sites to discover users’ IP address 05/09/2023 at 20:47 By Zeljka Zorz Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several

React to this headline:

Loading spinner

Atlas VPN zero-day allows sites to discover users’ IP address Read More »

Connected cars and cybercrime: A primer

attacks, connected cars, cybercrime, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, identity theft, Keylogger, Malware, News, opinion, phishing, VicOne /

Connected cars and cybercrime: A primer 05/09/2023 at 08:02 By Help Net Security Original equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially harmful. Analysis

React to this headline:

Loading spinner

Connected cars and cybercrime: A primer Read More »

Ransomware group exploits Citrix NetScaler systems for initial access

Citrix, Don't miss, exploit, Hot stuff, News, Ransomware, Sophos, vulnerability /

Ransomware group exploits Citrix NetScaler systems for initial access 29/08/2023 at 14:50 By Helga Labus A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using

React to this headline:

Loading spinner

Ransomware group exploits Citrix NetScaler systems for initial access Read More »

PoC for no-auth RCE on Juniper firewalls released

Don't miss, exploit, Hot stuff, Juniper Networks, Junos OS, News, PoC, security update, vulnerability, WatchTowr /

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

WinRAR patches zero-day bug that targeted stock and crypto traders

cybersecurity, exploit, hackers, Malware, vulnerability, WinRAR /

WinRAR patches zero-day bug that targeted stock and crypto traders 25/08/2023 at 08:04 By Cointelegraph By Martin Young According to cybersecurity firm Group-IB, weaponized ZIP file archives were being shared on crypto trading forums, with each one containing a nasty surprise. This article is an excerpt from Cointelegraph.com News View Original Source React to this

React to this headline:

Loading spinner

WinRAR patches zero-day bug that targeted stock and crypto traders Read More »

Does a secure coding training platform really work?

code, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, opinion, sandbox, SecDim, software, training, vulnerability /

Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many

React to this headline:

Loading spinner

Does a secure coding training platform really work? Read More »

Cypher announces recovery plan, says it will ‘socialize’ losses in initial stage

cypher, exploit, hack, recovery plan, Solana /

Cypher announces recovery plan, says it will ‘socialize’ losses in initial stage 24/08/2023 at 00:05 By Cointelegraph By Tom Blackstone Cypher announced that losses from the exploit will be distributed among users in an initial stage, then compensated through protocol revenue when the platform relaunches. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

Cypher announces recovery plan, says it will ‘socialize’ losses in initial stage Read More »

Top 12 vulnerabilities routinely exploited in 2022

ACSC, CISA, Don't miss, exploit, FBI, Hot stuff, NCSC, News, trends, vulnerability /

Top 12 vulnerabilities routinely exploited in 2022 04/08/2023 at 16:31 By Helga Labus Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “In 2022, malicious cyber actors exploited older

React to this headline:

Loading spinner

Top 12 vulnerabilities routinely exploited in 2022 Read More »

New persistent backdoor used in attacks on Barracuda ESG appliances

backdoor, Barracuda Networks, CISA, Don't miss, exploit, Hot stuff, News, vulnerability /

New persistent backdoor used in attacks on Barracuda ESG appliances 31/07/2023 at 13:32 By Helga Labus The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late

React to this headline:

Loading spinner

New persistent backdoor used in attacks on Barracuda ESG appliances Read More »

Stremio vulnerability exposes millions to RCE and data theft

CyFox, data theft, Don't miss, exploit, hijacking, News, vulnerability, Windows /

Stremio vulnerability exposes millions to RCE and data theft 31/07/2023 at 11:02 By Help Net Security CyFox has recently identified a critical hijacking vulnerability in Stremio 4.4, a popular software platform for streaming movies and TV shows. With over 5 million users relying on Stremio for their entertainment needs, this vulnerability poses a significant risk

React to this headline:

Loading spinner

Stremio vulnerability exposes millions to RCE and data theft Read More »

Cryptojacking soars as cyberattacks increase, diversify

cryptojacking, cybercriminals, cybersecurity, education, exploit, Government, healthcare, intrusion, IoT, Malware, News, Ransomware, report, SMBs, SonicWall /

Cryptojacking soars as cyberattacks increase, diversify 27/07/2023 at 05:03 By Help Net Security Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by SonicWall, as

React to this headline:

Loading spinner

Cryptojacking soars as cyberattacks increase, diversify Read More »

Scroll to Top