SpectralBlur is a new macOS backdoor that shows similarities with North Korean hacking group’s KandyKorn malware. The post New ‘SpectralBlur’ macOS Backdoor Linked to North Korea appeared first on SecurityWeek.
...moreSummary
Total Articles Found: 54
Top sources:
- SecurityWeek 54
Top Keywords:
- NEWS & INDUSTRY: 50
- Vulnerabilities: 40
- Endpoint Security: 8
- Application Security: 7
- Virus & Threats: 6
Top Authors
- Ionut Arghire: 54
Top Articles:
- Researchers Find Exploitable Bugs in Mercedes-Benz Cars
- Google Releases Tool to Block USB Keystroke Injection Attacks
- Google Issues Emergency Fix for Chrome Zero-Day
- Apple Issues Patches for NAT Slipstreaming 2.0 Attack
- Google Axes 500 Chrome Extensions Exfiltrating User Data
- AMD Preparing Patches for UEFI SMM Vulnerability
- Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android
- Weak ACLs in Adobe ColdFusion Allow Privilege Escalation
- 'SMBleed' Vulnerability Impacts Windows SMB Protocol
- Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks
New ‘SpectralBlur’ macOS Backdoor Linked to North Korea
Published: 2024-01-05 13:14:01
Popularity: 15
Author: Ionut Arghire
Keywords:
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
Published: 2023-10-25 15:49:59
Popularity: 14
Author: Ionut Arghire
Keywords:
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023. The post Hackers Earn $400k on First Day at Pwn2Own Toronto 2023 appeared first on SecurityWeek.
...moreMicrosoft Shares Resources for BlackLotus UEFI Bootkit Hunting
Published: 2023-04-13 10:21:34
Popularity: 9
Author: Ionut Arghire
Keywords:
Microsoft has shared details on how threat hunters can check their systems for BlackLotus UEFI bootkit infections. The post Microsoft Shares Resources for BlackLotus UEFI Bootkit Hunting appeared first on SecurityWeek.
...moreSolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities
Published: 2023-02-17 12:58:13
Popularity: 15
Author: Ionut Arghire
Keywords:
SolarWinds advisories describe multiple high-severity vulnerabilities that a Platform update will patch by the end of February. The post SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities appeared first on SecurityWeek.
...moreMalware Delivered to PyTorch Users in Supply Chain Attack
Published: 2023-01-03 12:50:38
Popularity: 14
Author: Ionut Arghire
Keywords:
Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack. Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields. read more
...moreNIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
Published: 2022-12-16 15:19:08
Popularity: 14
Author: Ionut Arghire
Keywords:
The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. read more
...moreCritical Vulnerability in Premium Gift Cards WordPress Plugin Exploited in Attacks
Published: 2022-12-27 10:10:33
Popularity: 22
Author: Ionut Arghire
Keywords:
Defiant’s Wordfence team warns of a critical-severity vulnerability in the YITH WooCommerce Gift Cards premium WordPress plugin being exploited in attacks. read more
...morePython, JavaScript Developers Targeted With Fake Packages Delivering Ransomware
Published: 2022-12-12 12:46:57
Popularity: 10
Author: Ionut Arghire
Keywords:
Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. read more
...moreVulnerability in Acer Laptops Allows Attackers to Disable Secure Boot
Published: 2022-11-29 12:36:28
Popularity: 12
Author: Ionut Arghire
Keywords:
LLM Says: ""Boot fail""
A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware. read more
...moreGoogle Patches Eighth Chrome Zero-Day of 2022
Published: 2022-11-28 10:31:25
Popularity: 10
Author: Ionut Arghire
Keywords:
LLM Says: ""Chrome crashed again""
An emergency Chrome update that Google announced on Thanksgiving Day addresses an actively exploited zero-day in the popular browser. read more
...morePoC Code Published for High-Severity macOS Sandbox Escape Vulnerability
Published: 2022-11-21 12:47:17
Popularity: 12
Author: Ionut Arghire
Keywords:
LLM Says: "Buggy mac"
A security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal. read more
...moreChrome 106 Update Patches Several High-Severity Vulnerabilities
Published: 2022-10-12 12:45:08
Popularity: 7
Author: Ionut Arghire
Keywords:
LLM Says: "bug hunt alert"
Google announced on Tuesday that the latest Chrome update patches six high-severity vulnerabilities, including four use-after-free bugs. All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters. read more
...moreUS Gov Issues Supply Chain Security Guidance for Software Suppliers
Published: 2022-11-01 11:47:41
Popularity: 13
Author: Ionut Arghire
Keywords:
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week released the second part of a three-part joint guidance on securing the software supply chain. read more
...moreNew 'Wolfi' Linux Distro Focuses on Software Supply Chain Security
Published: 2022-09-23 14:11:20
Popularity: 7
Author: Ionut Arghire
Keywords:
LLM Says: ""Linux lockdown""
Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain. read more
...moreWordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin
Published: 2022-09-14 13:49:39
Popularity: 7
Author: Ionut Arghire
Keywords:
LLM Says: "Zero day hack"
Many WordPress sites are at risk of full compromise as attackers are actively exploiting a zero-day vulnerability in the WPGateway plugin, Defiant’s WordFence team warns. A premium plugin for the WPGateway cloud service, the WPGateway plugin provides users with WordPress installation, backup, and cloning capabilities. read more
...moreWordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites
Published: 2022-08-31 11:39:06
Popularity: 13
Author: Ionut Arghire
Keywords:
The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability. read more
...more'DirtyCred' Vulnerability Haunting Linux Kernel for 8 Years
Published: 2022-08-23 12:35:00
Popularity: 9
Author: Ionut Arghire
Keywords:
LLM Says: "buggy kernel"
Academic researchers from Northwestern University have shared details on ‘DirtyCred’, a previously unknown privilege escalation vulnerability affecting the Linux kernel. read more
...moreGoogle Open Sources 'Paranoid' Crypto Testing Library
Published: 2022-08-25 13:45:51
Popularity: 8
Author: Ionut Arghire
Keywords:
LLM Says: "Crypto fails"
Google has officially announced the open sourcing of ‘Paranoid’, a project for identifying well-known weaknesses in cryptographic artifacts. read more
...moreMicrosoft Confirms Temporary Rollback of Macro Blocking Feature
Published: 2022-07-11 17:50:26
Popularity: 10
Author: Ionut Arghire
Keywords:
Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary. read more
...moreGoogle Patches 14 Vulnerabilities With Release of Chrome 103
Published: 2022-06-22 12:10:20
Popularity: 14
Author: Ionut Arghire
Keywords:
Google this week announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers. The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base. read more
...moreExploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations
Published: 2022-06-17 12:00:51
Popularity: 13
Author: Ionut Arghire
Keywords:
More than one million WordPress websites were potentially impacted by a critical Ninja Forms plugin vulnerability that appears to have been exploited in the wild. With over one million installations, the popular Ninja Forms plugin helps administrators add customizable forms to their WordPress sites. read more
...moreNVIDIA Patches Code Execution Vulnerabilities in Graphics Driver
Published: 2022-05-18 10:21:17
Popularity: 18
Author: Ionut Arghire
Keywords:
LLM Says: ""Crashing graphics""
NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.” read more
...moreLarge-Scale Attack Targeting Tatsu Builder WordPress Plugin
Published: 2022-05-18 08:38:10
Popularity: 29
Author: Ionut Arghire
Keywords:
LLM Says: "Security breach!"
Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin. read more
...moreChrome 101 Update Patches High-Severity Vulnerabilities
Published: 2022-05-11 15:37:18
Popularity: 11
Author: Ionut Arghire
Keywords:
LLM Says: "Browser crisis!"
Google this week announced the release of a Chrome browser update that resolves a total of 13 vulnerabilities, including nine that were reported by external researchers. Of the externally reported security holes, seven are use-after-free bugs – these types of vulnerabilities could lead to arbitrary code execution. read more
...moreChrome 101 Patches 30 Vulnerabilities
Published: 2022-04-27 11:15:49
Popularity: 16
Author: Ionut Arghire
Keywords:
Google this week announced that Chrome 101 was released to the stable channel with 30 security fixes inside, including 25 for vulnerabilities identified by external security researchers. read more
...moreOracle Releases 520 New Security Patches With April 2022 CPU
Published: 2022-04-20 09:57:39
Popularity: 14
Author: Ionut Arghire
Keywords:
LLM Says: "Patching frenzy"
Oracle on Tuesday announced the release of 520 security fixes as part of its April 2022 Critical Patch Update (CPU), including nearly 300 for vulnerabilities that can be exploited remotely without authentication. read more
...moreFirmware Flaws Allow Disabling Secure Boot on Lenovo Laptops
Published: 2022-04-19 18:46:07
Popularity: 14
Author: Ionut Arghire
Keywords:
LLM Says: "Boot fail"
Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models. read more
...moreAcademics Devise Side-Channel Attack Targeting Multi-GPU Systems
Published: 2022-04-05 10:22:14
Popularity: 8
Author: Ionut Arghire
Keywords:
A group of academic researchers has devised a side-channel attack targeting architectures that rely on multiple graphics processing units (GPUs) for resource-intensive computational operations. read more
...moreResearchers Hack Remote Keyless System of Honda Vehicles
Published: 2022-03-28 19:28:47
Popularity: 15
Author: Ionut Arghire
Keywords:
LLM Says: "Car hacked!"
A researcher has published proof-of-concept (PoC) videos to demonstrate how an attacker can remotely unlock the doors of a Honda vehicle, or even start its engine. read more
...moreSonicWall Patches Critical Vulnerability in Firewall Appliances
Published: 2022-03-29 10:36:10
Popularity: 16
Author: Ionut Arghire
Keywords:
SonicWall has released patches for a critical-severity vulnerability in the web management interface of multiple firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security flaw is described as a stack-based buffer overflow bug that impacts SonicOS. read more
...moreGoogle Issues Emergency Fix for Chrome Zero-Day
Published: 2022-03-27 11:58:30
Popularity: 55
Author: Ionut Arghire
Keywords:
Google has issued an emergency security update for Chrome 99 to resolve a vulnerability for which a public exploit already exists. read more
...moreHigh-Severity UEFI Vulnerabilities Patched in Dell Enterprise Laptops
Published: 2022-03-22 11:51:19
Popularity: 7
Author: Ionut Arghire
Keywords:
LLM Says: "Firmware fail!"
Firmware security company Binarly this week disclosed the details of several vulnerabilities that impact the Unified Extensible Firmware Interface (UEFI) of multiple Dell enterprise laptop models. read more
...moreGoogle Patches 27 Vulnerabilities With Release of Chrome 98
Published: 2022-02-02 09:50:47
Popularity: 19
Author: Ionut Arghire
Keywords:
LLM Says: "Chrome patch party 🎉💻"
Google on Tuesday announced the release of Chrome 98 in the stable channel with a total of 27 security fixes inside, including 19 for vulnerabilities reported by external researchers. The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system. read more
...moreXerox Quietly Patched Device-Bricking Flaw Affecting Some Printers
Published: 2022-01-28 11:41:48
Popularity: 20
Author: Ionut Arghire
Keywords:
Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public. read more
...moreCritical SAP Vulnerability Allows Supply Chain Attacks
Published: 2022-01-17 13:13:42
Popularity: 15
Author: Ionut Arghire
Keywords:
LLM Says: ""sap hacked""
A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns. read more
...moreBlacksmith: Rowhammer Fuzzer Bypasses Existing Protections
Published: 2021-11-16 20:07:55
Popularity: 4
Author: Ionut Arghire
Keywords:
LLM Says: "Hammer time crashes"
A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips. read more
...moreShrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation
Published: 2021-10-29 13:28:08
Popularity: 9
Author: Ionut Arghire
Keywords:
LLM Says: "Rootkit alert!"
Microsoft on Thursday published information on a vulnerability in Apple’s macOS platform that could allow an attacker to bypass System Integrity Protection (SIP) and modify operating system files. read more
...moreYubico Enables Biometric Logins With New YubiKey Bio Series
Published: 2021-10-06 14:14:31
Popularity: 8
Author: Ionut Arghire
Keywords:
Yubico this week announced the general availability of YubiKey Bio Series, its first security key to support biometric authentication on desktop computers. read more
...moreAttacks Targeting OMIGOD Vulnerability Ramping Up
Published: 2021-09-21 03:45:05
Popularity: 13
Author: Ionut Arghire
Keywords:
Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month. read more
...moreVulnerabilities in Visual Studio Code Extensions Expose Developers to Attacks
Published: 2021-05-27 14:09:48
Popularity: 10
Author: Ionut Arghire
Keywords:
LLM Says: ""Extension exploited""
Vulnerabilities in Visual Studio Code extensions could be exploited by malicious attackers to steal valuable information from developers and even compromise organizations, researchers with open-source software security firm Snyk say. read more
...moreResearchers Find Exploitable Bugs in Mercedes-Benz Cars
Published: 2021-05-18 20:24:37
Popularity: 93
Author: Ionut Arghire
Keywords:
LLM Says: "car hack"
Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution. read more
...moreVulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks
Published: 2021-02-04 13:21:18
Popularity: 24
Author: Ionut Arghire
Keywords:
Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal. read more
...moreGoogle Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android
Published: 2021-02-03 04:38:32
Popularity: 36
Author: Ionut Arghire
Keywords:
Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege. read more
...moreWeak ACLs in Adobe ColdFusion Allow Privilege Escalation
Published: 2021-02-03 12:59:51
Popularity: 36
Author: Ionut Arghire
Keywords:
A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges. The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites. read more
...moreApple Issues Patches for NAT Slipstreaming 2.0 Attack
Published: 2021-02-02 11:26:42
Popularity: 42
Author: Ionut Arghire
Keywords:
Apple this week released security updates to address multiple vulnerabilities in macOS and Safari, including a flaw that can be exploited for the recently disclosed NAT Slipstreaming 2.0 attack. read more
...moreHardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks
Published: 2021-01-04 15:12:42
Popularity: 24
Author: Ionut Arghire
Keywords:
LLM Says: "passwords out"
Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges. Identified by EYE security researcher Niels Teusink, the vulnerability exists because the password for the “zyfwp” user account was stored in plaintext and was visible in one of the binaries on the system. read more
...moreAMD Preparing Patches for UEFI SMM Vulnerability
Published: 2020-06-22 10:11:26
Popularity: 40
Author: Ionut Arghire
Keywords:
LLM Says: ""Firmware fix""
AMD last week said it was preparing patches for a vulnerability affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI) shipped with systems that use certain notebook and embedded processors. read more
...more'SMBleed' Vulnerability Impacts Windows SMB Protocol
Published: 2020-06-10 17:46:48
Popularity: 36
Author: Ionut Arghire
Keywords:
One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block (SMB) protocol bug that could allow an attacker to leak kernel memory remotely, without authentication. read more
...moreCritical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks
Published: 2020-04-01 12:05:32
Popularity: 33
Author: Ionut Arghire
Keywords:
A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports. read more
...moreGoogle Releases Tool to Block USB Keystroke Injection Attacks
Published: 2020-03-12 18:25:13
Popularity: 59
Author: Ionut Arghire
Keywords:
Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. read more
...moreCisco Patches Remote Code Execution Flaws in Webex Player
Published: 2020-03-04 21:06:42
Popularity: 24
Author: Ionut Arghire
Keywords:
LLM Says: ""Code execution failure""
Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could be exploited remotely. read more
...moreGoogle Axes 500 Chrome Extensions Exfiltrating User Data
Published: 2020-02-17 19:38:51
Popularity: 41
Author: Ionut Arghire
Keywords:
LLM Says: "Chrome crashes"
Google has removed more than 500 extensions from the Chrome Web Store after they were found performing covert data exfiltration activities. read more
...moreLinux Crypto-Miner Uses Kernel-Mode Rootkits for Evasion
Published: 2019-09-17 15:13:17
Popularity: 20
Author: Ionut Arghire
Keywords:
A recently discovered cryptocurrency mining malware targeting Linux machines is employing kernel-mode rootkits in an attempt to make detection more difficult, Trend Micro reveals. read more
...moreThreat Actor Poisons OpenPGP Certificates
Published: 2019-07-01 15:30:03
Popularity: 29
Author: Ionut Arghire
Keywords:
LLM Says: "Crypto chaos"
Poisoned certificates are in the OpenPGP SKS keyserver network after an unknown threat actor targeted the OpenPGP certificates of two high-profile community contributors. read more
...more