Summary

Total Articles Found: 51

Top Articles:

  • Russia fines Google for spreading ‘unreliable’ info defaming its army
  • Adobe Flash Player is officially dead tomorrow
  • New Linux glibc flaw lets attackers get root on major distros
  • GoDaddy notifies users of breached hosting accounts
  • NSA advises companies to avoid third party DNS resolvers
  • Google sees 50% security boost for 150M users after 2FA enroll
  • Billions of Records Including Passwords Leaked by Smart Home Vendor
  • Actively exploited bug bypasses authentication on millions of routers
  • Buggy WordPress plugin exposes 100K sites to takeover attacks
  • Apple emergency update fixes zero-day used to hack Macs, Watches

Google now pays $250,000 for KVM zero-day vulnerabilities

Published: 2024-07-02 18:06:17

Popularity: 207

Author: Sergiu Gatlan

Keywords:

  • Security
  • Google
  • 🤖: "Bug bounty boom"

    Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. [...]

    New Linux glibc flaw lets attackers get root on major distros

    Published: 2024-01-30 23:06:35

    Popularity: 1635

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Linux

    Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). [...]

    Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto

    Published: 2023-10-27 19:00:21

    Popularity: 121

    Author: Sergiu Gatlan

    Keywords:

  • Security

    The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27. [...]

    Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto

    Published: 2023-10-25 22:46:03

    Popularity: 148

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. [...]

    Western Digital struggles to fix massive My Cloud outage, offers workaround

    Published: 2023-04-08 15:08:13

    Popularity: 297

    Author: Sergiu Gatlan

    Keywords:

  • Technology

    On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. [...]

    Samsung Galaxy S22 gets hacked in 55 seconds at Pwn2Own Toronto

    Published: 2022-12-09 15:48:36

    Popularity: 115

    Author: Sergiu Gatlan

    Keywords:

  • Security

    On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. [...]

    Microsoft confirms new Exchange zero-days are used in attacks

    Published: 2022-09-30 08:18:22

    Popularity: 138

    Author: Sergiu Gatlan

    Keywords:

  • Microsoft
  • Security

    Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. [...]

    NSA and CISA share tips to secure the software supply chain

    Published: 2022-09-01 15:21:17

    Popularity: 533

    Author: Sergiu Gatlan

    Keywords:

  • Security

    The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain. [...]

    Malicious npm packages steal Discord users’ payment card info

    Published: 2022-07-28 14:13:54

    Popularity: 135

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. [...]

    Microsoft starts blocking Office macros by default, once again

    Published: 2022-07-21 08:40:16

    Popularity: 53

    Author: Sergiu Gatlan

    Keywords:

  • Microsoft
  • Security

    Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. [...]

    Microsoft Teams outage also takes down Microsoft 365 services

    Published: 2022-07-21 10:08:14

    Popularity: 627

    Author: Sergiu Gatlan

    Keywords:

  • Microsoft

    What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. [...]

    Atlassian fixes critical Confluence hardcoded credentials flaw

    Published: 2022-07-20 18:59:57

    Popularity: 89

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers. [...]

    Massive Rogers outage caused by a maintenance update

    Published: 2022-07-11 20:44:53

    Popularity: 92

    Author: Sergiu Gatlan

    Keywords:

  • Technology

    Over the weekend, Rogers Communications CEO Tony Staffieri revealed the telecom company believes a maintenance update was what caused last week's massive outage. [...]

    New stealthy OrBit malware steals data from Linux devices

    Published: 2022-07-07 20:38:42

    Popularity: 87

    Author: Sergiu Gatlan

    Keywords:

  • Linux
  • Security

    A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. [...]

    Russia fines Google for spreading ‘unreliable’ info defaming its army

    Published: 2022-06-24 20:28:35

    Popularity: 6556

    Author: Sergiu Gatlan

    Keywords:

  • Google

    Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles (roughly $1.2 million) for helping spread what it called "unreliable" information on the war in Ukraine and the failure to remove it from its platforms. [...]

    Critical PHP flaw exposes QNAP NAS devices to RCE attacks

    Published: 2022-06-22 10:20:54

    Popularity: 368

    Author: Sergiu Gatlan

    Keywords:

  • Security

    QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. [...]

    iCloud hacker gets 9 years in prison for stealing nude photos

    Published: 2022-06-16 21:51:33

    Popularity: 210

    Author: Sergiu Gatlan

    Keywords:

  • Security

    A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. [...]

    Google: Predator spyware infected Android devices using zero-days

    Published: 2022-05-22 14:00:00

    Popularity: 334

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Google

    Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...]

    Apple emergency update fixes zero-day used to hack Macs, Watches

    Published: 2022-05-16 18:33:32

    Popularity: 679

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Apple

    Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...]

    Trend Micro fixes actively exploited remote code execution bug

    Published: 2022-04-01 16:58:10

    Popularity: 239

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. [...]

    Google sees 50% security boost for 150M users after 2FA enroll

    Published: 2022-02-08 11:00:00

    Popularity: 1027

    Author: Sergiu Gatlan

    Keywords:

  • Google
  • Security

    After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled. [...]

    Zoho patches new critical authentication bypass in Desktop Central

    Published: 2022-01-17 18:04:18

    Popularity: 41

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. [...]

    New Android malware steals millions after infecting 10M phones

    Published: 2021-09-29 14:45:18

    Popularity: 640

    Author: Sergiu Gatlan

    Keywords:

  • Security

    A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by tricking them into subscribing to paid services without their knowledge. [...]

    Actively exploited bug bypasses authentication on millions of routers

    Published: 2021-08-07 14:10:05

    Popularity: 923

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...]

    Akamai DNS global outage takes down major websites, online services

    Published: 2021-07-22 16:39:24

    Popularity: 327

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Akamai is investigating an ongoing outage affecting many major websites and online services including Steam, the PlayStation Network, Newegg, AWS, Amazon, Google, and Salesforce. [...]

    Twitter now lets you use security keys as the only 2FA method

    Published: 2021-07-01 11:37:47

    Popularity: 23

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having all other methods disabled, as the social network announced three months ago, in March. [...]

    Google shares Spectre PoC targeting browser JavaScript engines

    Published: 2021-03-12 19:30:09

    Popularity: 257

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Google

    Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory. [...]

    QNAP patches critical vulnerability in Surveillance Station NAS app

    Published: 2021-02-17 13:58:12

    Popularity: 66

    Author: Sergiu Gatlan

    Keywords:

  • Security

    QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. [...]

    Buggy WordPress plugin exposes 100K sites to takeover attacks

    Published: 2021-02-11 17:05:44

    Popularity: 803

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence. [...]

    NSA advises companies to avoid third party DNS resolvers

    Published: 2021-01-14 18:05:44

    Popularity: 1083

    Author: Sergiu Gatlan

    Keywords:

  • Security

    The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information. [...]

    Adobe Flash Player is officially dead tomorrow

    Published: 2020-12-31 12:30:00

    Popularity: 2343

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Technology

    Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. [...]

    HPE discloses critical zero-day in server management software

    Published: 2020-12-16 14:55:35

    Popularity: 362

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. [...]

    New Slipstream NAT bypass attacks to be blocked by browsers

    Published: 2020-11-09 21:09:08

    Popularity: 97

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT/firewall to gain access to any TCP/UDP service hosted on their devices. [...]

    HP Device Manager backdoor lets attackers take over Windows systems

    Published: 2020-10-02 18:24:35

    Popularity: 198

    Author: Sergiu Gatlan

    Keywords:

  • Security

    HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover. [...]

    Grindr fixed a bug allowing full takeover of any user account

    Published: 2020-10-02 23:12:46

    Popularity: 69

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user's email address. [...]

    KrØØk attack variants impact Qualcomm, MediaTek Wi-Fi chips

    Published: 2020-08-06 20:00:00

    Popularity: 100

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Qualcomm and MediaTek Wi-Fi chips were found to have been impacted by new variants of the KrØØk information disclosure vulnerability discovered by ESET researchers Robert Lipovský and Štefan Svorenčík. [...]

    Critical Wordpress plugin bug lets hackers take over hosting account

    Published: 2020-07-28 22:59:08

    Popularity: 229

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites. [...]

    Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found

    Published: 2020-07-07 19:56:37

    Popularity: 152

    Author: Sergiu Gatlan

    Keywords:

  • Security

    F5 BIG-IP customers who only applied recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability are now advised to update them against a recently found bypass. [...]

    Hundreds arrested after encrypted messaging network takeover

    Published: 2020-07-02 15:01:38

    Popularity: 148

    Author: Sergiu Gatlan

    Keywords:

  • Security

    European law enforcement agencies arrested hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. [...]

    GoDaddy notifies users of breached hosting accounts

    Published: 2020-05-04 22:35:54

    Popularity: 1256

    Author: Sergiu Gatlan

    Keywords:

  • Security

    GoDaddy notified some of its customers that it had to reset their passwords after an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. [...]

    Kali Linux Adds Single Installer Image, Default Non-Root User

    Published: 2020-01-28 17:32:35

    Popularity: 75

    Author: Sergiu Gatlan

    Keywords:

  • Security

    Kali Linux 2020.1 was released today by Kali Linux team at Offensive Security with a new Kali Single Installer image for all desktop environments and a previously announced move to a non-root default user. [...]

    Google to Kill Chrome Apps Across All Platforms

    Published: 2020-01-16 15:40:00

    Popularity: 203

    Author: Sergiu Gatlan

    Keywords:

  • Google
  • Software

    Google announced that it will slowly phase out support for Chrome apps on all operating systems until they will completely stop working in June 2022 for all users. [...]

    US Govt Warns of Attacks on Unpatched Pulse VPN Servers

    Published: 2020-01-10 18:15:12

    Popularity: 91

    Author: Sergiu Gatlan

    Keywords:

  • Security

    The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability. [...]

    New Masad Stealer Malware Exfiltrates Crypto Wallets via Telegram

    Published: 2019-09-27 19:27:14

    Popularity: 53

    Author: Sergiu Gatlan

    Keywords:

  • Security

    A new and actively distributed malware strain dubbed Masad Stealer steals files, browser information, and cryptocurrency wallet data from infected computers that get sent back to its masters using Telegram as a communication channel. [...]

    New York Passes Law to Update Data Breach Notification Requirements

    Published: 2019-07-27 14:30:00

    Popularity: 54

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Legal

    New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers' private data and strengthen the state's data breach policies. [...]

    Cloudflare Worldwide Outage Caused by Bad Software Deployment

    Published: 2019-07-02 16:48:42

    Popularity: 469

    Author: Sergiu Gatlan

    Keywords:

  • Technology

    Cloudflare experienced a worldwide outage today for about 30 minutes, with network performance issues that brought down a multitude of websites and web services all around the world, and triggered "502 Bad Gateway" errors. [...]

    Billions of Records Including Passwords Leaked by Smart Home Vendor

    Published: 2019-07-01 15:35:29

    Popularity: 996

    Author: Sergiu Gatlan

    Keywords:

  • Security

    A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world. [...]

    Botnet Uses SSH and ADB to Create Android Cryptomining Army

    Published: 2019-06-20 22:46:16

    Popularity: 310

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • CryptoCurrency

    Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices. [...]

    UK Announces Introduction of Online Pornography Age Checks in July

    Published: 2019-04-17 12:44:53

    Popularity: 57

    Author: Sergiu Gatlan

    Keywords:

  • Security

    UK's government announced today that new age-verification checks will be put into place to prevent Internet users under the age of 18 to access and watch online pornography starting with July 15. [...]

    Evernote Fixes Remote Code Execution Vulnerability in macOS App

    Published: 2019-04-17 15:22:38

    Popularity: 80

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • Software

    A local file path traversal vulnerability which allows attackers to run arbitrary code on their targets' Macs remotely was fixed by Evernote after receiving a report from security researcher Dhiraj Mishra. [...]

    Researchers find SQL injection to bypass airport TSA security checks

    Published: 2024-08-30 19:02:43

    Popularity: 551

    Author: Sergiu Gatlan

    Keywords:

  • Security
  • 🤖: "Security hole alert"

    Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. [...]
