FreshRSS

🔒
☐ ☆ ✇ The Hacker News

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

By Newsroom — January 16th 2024 at 13:39
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security
☐ ☆ ✇ The Hacker News

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

By Newsroom — January 10th 2024 at 04:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
☐ ☆ ✇ The Hacker News

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

By Newsroom — December 21st 2023 at 16:48
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor
☐ ☆ ✇ The Hacker News

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

By Newsroom — December 19th 2023 at 06:58
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated
☐ ☆ ✇ The Hacker News

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

By Newsroom — October 24th 2023 at 08:37
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover
☐ ☆ ✇ The Hacker News

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT

By THN — September 21st 2023 at 05:03
A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked
☐ ☆ ✇ The Hacker News

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

By THN — September 8th 2023 at 03:11
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
☐ ☆ ✇ The Hacker News

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

By THN — September 3rd 2023 at 04:42
Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A
☐ ☆ ✇ The Hacker News

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

By THN — August 22nd 2023 at 03:36
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (
☐ ☆ ✇ The Hacker News

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

By THN — August 11th 2023 at 03:38
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It
☐ ☆ ✇ The Hacker News

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

By Ravie Lakshmanan — June 24th 2023 at 15:30
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel
☐ ☆ ✇ The Hacker News

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

By Ravie Lakshmanan — June 8th 2023 at 14:59
Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain
☐ ☆ ✇ The Hacker News

New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East

By Ravie Lakshmanan — May 23rd 2023 at 11:11
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor. "WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said
☐ ☆ ✇ The Hacker News

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

By Ravie Lakshmanan — May 4th 2023 at 13:03
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched by the
☐ ☆ ✇ The Hacker News

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

By Ravie Lakshmanan — April 20th 2023 at 10:11
Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory
☐ ☆ ✇ The Hacker News

Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military

By Ravie Lakshmanan — April 10th 2023 at 13:01
An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. Court documents allege that Shevlyakov operated
☐ ☆ ✇ The Hacker News

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

By Ravie Lakshmanan — February 27th 2023 at 15:33
The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and
☐ ☆ ✇ The Hacker News

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

By Ravie Lakshmanan — February 11th 2023 at 05:45
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. Details
☐ ☆ ✇ The Hacker News

Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems

By Ravie Lakshmanan — December 14th 2022 at 13:08
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing
☐ ☆ ✇ The Hacker News

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

By Ravie Lakshmanan — October 14th 2022 at 03:35
A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can
☐ ☆ ✇ The Hacker News

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

By Ravie Lakshmanan — September 23rd 2022 at 10:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency
☐ ☆ ✇ The Hacker News

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

By Ravie Lakshmanan — July 29th 2022 at 03:19
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain
❌