Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk to organizations utilizing Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities, identified as CVE-2024-29945 and CVE-2024-29946, have been rated high in severity with CVSS scores of 7.2 and 8.1, respectively. These security flaws could potentially allow attackers to … [Read more...]
GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights the growing, widespread use and potential of Web3 user security data to aid in risk management. The findings of the report reveal a clear and growing demand for more advanced security tools that can effectively safeguard digital assets, verify the authenticity of nonfungible tokens … [Read more...]
C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has gained widespread traction as the automotive industry strives to meet cybersecurity regulations and industry standards, such as UN … [Read more...]
Apple ID “push bombing” Attack Targeting Apple Users to Steal passwords
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple IDs through what’s known as a “push bombing” or “MFA fatigue” attack. This method exploits the multi-factor authentication (MFA) system, bombarding users with incessant notifications to approve password changes or logins, ultimately aiming to steal passwords and gain unauthorized access to personal … [Read more...]
Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious Remote Control Software (RAT), Remcos. This method marks a significant evolution in cyberattack strategies, aiming to bypass traditional security measures and gain unauthorized access to victims’ devices. Remcos RAT has been a known entity in the cyber realm since 2016, initially introduced … [Read more...]
NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow attackers to execute malicious code and tamper with data on affected systems. The vulnerabilities stem from improper input validation (CWE-20) and improper privilege management (CWE-269) practices, where attackers could potentially trick the system … [Read more...]
iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage
A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform. A sophisticated Phishing-as-a-Service (PhaaS) platform known as ‘Dracula’. This platform has been implicated in high-profile phishing attacks, leveraging the trust and widespread use of iMessage among iPhone users to perpetrate its schemes. The Rise of Darcula Darcula is … [Read more...]
2 Chrome Zero-Days Exploited At Pwn2Own 2024 : Patch Now
Google patched seven vulnerabilities in the Chrome browser on Tuesday, including two zero-day exploits that were exploited at the Pwn2Own Vancouver 2024 hacking contest. Researchers at Pwn2Own challenge exploited the zero-days tagged as Type Confusion in WebAssembly (CVE-2024-2887) and Use after free in WebCodecs (CVE-2024-2886). Google has fixed the vulnerabilities in the Google Chrome … [Read more...]
Source Code of Italian anti-piracy Platform Privacy Shield Leaked on GitHub
The source code and documentation of the Italian anti-piracy platform Privacy Shield have reportedly been leaked on the popular code-sharing platform GitHub. This incident raises serious questions about privacy, security, and the potential for censorship. According to reports, the leak comprises nine repositories that contain comprehensive details of the Privacy Shield platform. This … [Read more...]
Wireshark 4.2.4 Released : What’s New!
Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis. Its advanced features and user-friendly interface make it an indispensable tool for network troubleshooting and protocol analysis. The latest release, Wireshark 4.2.4, brings forth a series of critical updates and bug fixes that underscore the tool’s … [Read more...]
Microsoft Edge Flaw Let Hackers Silently Install Malicious Extensions
Guardio Labs has uncovered a significant vulnerability in Microsoft Edge, Microsoft’s flagship web browser, that could allow hackers to install malicious extensions without the user’s knowledge. This flaw, if exploited, could lead to a range of security breaches, including data theft, privacy invasion, and unauthorized access to users’ online activities. The vulnerability, identified as … [Read more...]
Agent Tesla’s Added New Tools & Tactics to Its Arsenal
The persistent search for money and the threat actors increasingly becoming more sophisticated are driving the alarming rate of malware change. Every day, new types of malware are created and put into circulation at an unusual speed, using modern tricks to avoid discovery and overcome security systems, while taking advantage of the most recent system vulnerabilities. Cybersecurity … [Read more...]
Hackers Using Weaponized PDF Files to Deliver Mispadu Banking Malware
Mispadu, a banking trojan initially targeting Latin America, has expanded its attacks to Europe, stealing credentials through phishing emails and malicious URLs. The attackers utilize stolen credentials for further phishing attacks, making it a significant threat. Despite the geographic expansion, Mexico remains the primary target, with thousands of stolen credentials since April … [Read more...]
vBulletin Forums Breached: Dark Web Sale of Millions of Accounts
vBulletin, a widely used forum software, has been compromised, potentially exposing millions of user accounts. The breach was facilitated by a software vulnerability, specifically affecting versions 4.2.2 and 4.2.3. The Forumrunner add-on was pinpointed as the weak link that allowed attackers to perform SQL Injection attacks. The Vulnerability The issue’s core lies in an SQL … [Read more...]
TeamViewer macOS Client Vulnerability Let Attackers Escalate Privileges
A critical vulnerability has been identified in the TeamViewer Client for macOS. If exploited, this flaw could allow attackers to escalate their privileges on the system, posing a severe security risk to users. The issue has been addressed in the latest software version, but it sheds light on the ongoing challenges of maintaining digital security in an ever-evolving threat … [Read more...]
Agenda Ransomware Attacking VMWare vCenter & ESXi servers WorldWide
Agenda ransomware group, also known by its aliases Qilin and Water Galura, has been ramping up its attacks globally. This nefarious group has focused on the United States, Argentina, Australia, and Thailand, and it has been targeting industries critical to the economy, such as finance and law. However, a recent trend has emerged: Agenda is setting its sights on a new, highly critical … [Read more...]
Google Revealed Kernel Address Sanitizer to Harden Android Firmware & Beyond
Google has unveiled its latest initiative the implementation of the Kernel Address Sanitizer (KASan) to enhance firmware security. This development comes as the focus on lower-level firmware security intensifies, given its critical role in device security. Traditionally, this area has received less scrutiny than Android userspace and kernel security. However, Google’s proactive … [Read more...]
BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution
A new tool dunned BlueDucky, automating the exploitation of a critical Bluetooth pairing vulnerability that allows for 0-click code execution on unpatched devices. This revelation comes on the heels of Marc Newlin’s January 2024 publication of a proof of concept script, which targets a Bluetooth vulnerability identified as CVE-2023-45866. The vulnerability, as detailed by Newlin, enables … [Read more...]
7 Chinese Govt Hackers Charged for 14-year hack campaign
The US Department of Justice (DOJ) has unsealed an indictment charging seven Chinese nationals with computer hacking and wire fraud conspiracies. These individuals are accused of being part of a hacking group known as APT31, which the DOJ alleges is linked to China’s Ministry of State Security (MSS). Over 10,000 malicious emails impacted thousands of victims across multiple … [Read more...]
macOS Flaw Let Attackers Escalate Privilege & Gain Root Access
A critical flaw impacting macOS has been uncovered that gives unauthorized users, including those with guest access, the capacity to escalate privileges and take complete root control of the system. According to the security researcher Yann Gascuel of Alter Solutions, the core of CVE-2023-42931 is the exploitation of the “diskutil” command line utility, which allows local users, including … [Read more...]
- « Previous Page
- 1
- …
- 11
- 12
- 13
- 14
- 15
- …
- 84
- Next Page »