uncovered
-
A new generation of QR code phishing (quishing) attacks have been uncovered by threat analyists at Barracuda.
-
RPKI is a security framework designed to enhance the integrity of Internet routing by associating specific IP address blocks and ASNs with their legitimate holders.
-
MalBot October 3, 2024, 11:55pm 1 Attackers leverage exposed access keys to run chatbot services at the victim’s expense.
-
The Jenkins project has issued a security advisory, urging users to update their installations immediately due to the discovery of multiple vulnerabilities. These flaws could allow attackers to steal sensitive data, bypass security restrictions, and even gain complete control of Jenkins servers.
-
What happened? The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in…
-
In a recent analysis, security researcher Mikko Kenttälä exposed a critical zero-click vulnerability chain in macOS, potentially affecting millions of users. This exploit, dubbed the “Zero-Click Calendar Invite,” allows attackers to execute malicious code on a victim’s machine remotely, without any user interaction.
-
Microsoft has disclosed a critical zero-day vulnerability in its Windows operating system, identified as CVE-2024-43491. The vulnerability, with a severity score of 9.8 (out of 10), resides within the Windows Servicing Stack and can enable remote code execution.
-
Dive Brief: Marsh McLennan and Zurich Insurance Group on Thursday issued a call for government intervention to help resolve the growing risk of catastrophic cyber events and a multibillion dollar gap in terms of what the current insurance market can absorb. The cyber insurance market has seen significant growth in recent years, and is expected…
-
Published in · 3 min read · 3 days ago A few months ago, during one of my late-night bug bounty hunting sessions, I stumbled upon a critical vulnerability that could lead to a full server takeover. The target was a well-known program, and I was determined to dig deep. This is the story of…
-
Hunting for vulnerabilities in industrial environments has become increasingly important as industrial control systems and critical infrastructure face threats from state-sponsored actors and ransomware groups hoping to cash out on million-dollar payments.
-
The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6670, CVE-2024-6671, and CVE-2024-6672, pose significant risks to organizations using outdated versions of the network monitoring tool. While no reports of active exploitation have surfaced, the potential impact on operations is…
-
Researchers uncovered new infrastructure linked to the cybercrime group FIN7
-
Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless gear-shifting tools used by professional cyclists. This flaw could allow hackers to remotely manipulate a bicycle’s movement during a race.
-
Massive Android SMS Stealer Campaign Uncovered: Over 100,000 Malicious Apps Targeting Global Users
·
A new report from Zimperium zLabs reveals a sprawling and sophisticated Android malware campaign that has infected over 107,000 devices across 113 countries since February 2022. The malware, a silent SMS stealer, targets one-time passwords (OTPs) from over 600 top-tier brands, potentially compromising millions of users’ accounts.
-
Ransomware attacks continued to surge over the previous year, with a new record for the largest publicly recorded ransom payment signaling the digital extortion industry is as healthy as ever.
-
Recorded Future’s Insikt Group has exposed “Vortax,” a seemingly legitimate virtual meeting software, as a sophisticated front for a massive malware operation targeting cryptocurrency users. This elaborate scheme, primarily disseminated through social media phishing campaigns, has been linked to the notorious Atomic macOS Stealer (AMOS) and other infostealers.
-
The Hail Mary bet captivates players in the high-stakes environment of online casinos. These high-risk, high-reward wagers defy logic, tempting players with the promise of instant riches while carrying the weight of considerable risk – learn about 3 card brag hands.
-
Linux servers often provide hosting for critical applications, websites, and databases, which makes them a lucrative target for intruders to get unauthorized access to steal data and manipulate services.
-
Critical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager: Immediate Action Required
·
Rockwell Automation, a global leader in industrial automation and digital transformation, has issued a security advisory urging users of its ThinManager software to update to the latest versions following the discovery of three critical vulnerabilities. These vulnerabilities, discovered and reported by security researchers at Tenable Network Security, tracked as CVE-2024-5988, CVE-2024-5989, and CVE-2024-5990, could potentially…