Summary

Total Articles Found: 36

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • Billions of Devices Open to Wi-Fi Eavesdropping Attacks
  • Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware
  • Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
  • Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices
  • Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
  • Linux Kernel Flaw Allows Remote Code-Execution
  • Android-Based Sony Smart-TVs Open to Image Pilfering
  • Misconfigured Baby Monitors Allow Unauthorized Viewing
  • Doki Backdoor Infiltrates Docker Servers in the Cloud
  • SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

'RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems

Published: 2024-07-01 19:38:55

Popularity: 25

Author: Tara Seals, Managing Editor, News, Dark Reading

🤖: "Linux takeover"

The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.

...more

Russia-Sponsored Cyberattackers Infiltrate Microsoft's Code Base

Published: 2024-03-08 17:22:50

Popularity: 45

Author: Tara Seals, Managing Editor, News, Dark Reading

The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January.

...more

Cloudflare Falls Victim to Okta Breach, Atlassian Systems Cracked

Published: 2024-02-02 13:00:00

Popularity: 16

Author: Tara Seals, Managing Editor, News, Dark Reading

The cyberattackers, believed to be state sponsored, didn't get far into Cloudflare's global network, but not for lack of trying.

...more

Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare

Published: 2023-12-13 23:26:00

Popularity: 5

Author: Tara Seals, Managing Editor, News, Dark Reading

Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.

...more

Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits

Published: 2023-11-06 22:57:00

Popularity: 32

Author: Tara Seals, Managing Editor, News, Dark Reading

Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.

...more

Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime's Chagrin

Published: 2023-10-12 20:23:45

Popularity: 17

Author: Tara Seals, Managing Editor, News, Dark Reading

Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming language.

...more

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Published: 2023-09-20 20:09:00

Popularity: 52

Author: Tara Seals, Managing Editor, News, Dark Reading

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

...more

Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes

Published: 2022-12-23 18:18:27

Popularity: 29

Author: Tara Seals, Managing Editor, News, Dark Reading

A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.

...more

Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Published: 2022-07-27 18:49:47

Popularity: 950

Author: Tara Seals, Managing Editor, News, Dark Reading

Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.

...more

Capital One Attacker Exploited Misconfigured AWS Databases

Published: 2022-06-20 21:25:39

Popularity: 25

Author: Tara Seals, Managing Editor, News, Dark Reading

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.

...more

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Published: 2022-05-25 19:21:04

Popularity: 36

Author: Tara Seals, Managing Editor, News, Dark Reading

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

...more

Apple AirTag Zero-Day Weaponizes Trackers

Published: 2021-09-29 20:48:33

Popularity: 177

Author: Tara Seals

Keywords:

  • IoT
  • Malware
  • Vulnerabilities
  • Web Security

    • Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.

    ...more

    ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

    Published: 2021-09-09 16:39:13

    Popularity: 147

    Author: Tara Seals

    Keywords:

  • Cloud Security
  • Vulnerabilities

    • A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

    ...more

    Microsoft Warns: There's Another Unpatched PrintNightmare Zero-Day

    Published: 2021-08-12 20:10:33

    Popularity: None

    Author: Tara Seals

    🤖: ""Printer fails""

    The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.

    ...more

    Google Patches Critical Android RCE Bug

    Published: 2021-06-08 19:02:25

    Popularity: 68

    Author: Tara Seals

    Keywords:

  • Mobile Security
  • Vulnerabilities

    • Google's June security bulletin addresses 90+ bugs in Android and Pixel devices.

    ...more

    Tutor LMS for WordPress Open to Info-Stealing Security Holes

    Published: 2021-03-18 11:50:44

    Popularity: 113

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Web Security

    • The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

    ...more

    Misconfigured Baby Monitors Allow Unauthorized Viewing

    Published: 2021-02-16 16:50:35

    Popularity: 302

    Author: Tara Seals

    Keywords:

  • Cloud Security
  • IoT
  • Mobile Security
  • Vulnerabilities
  • Web Security

    • Hundreds of thousands of individuals are potentially affected by this vulnerability.

    ...more

    Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

    Published: 2021-02-05 22:20:20

    Popularity: 133

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Web Security

    • An CRSF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users.

    ...more

    SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

    Published: 2021-02-03 11:00:21

    Popularity: 261

    Author: Tara Seals

    Keywords:

  • Vulnerabilities

    • The by-now infamous company has issued patches for three security vulnerabilities in total.

    ...more

    Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

    Published: 2021-01-27 20:32:55

    Popularity: 440

    Author: Tara Seals

    Keywords:

  • Critical Infrastructure
  • Hacks
  • Vulnerabilities
  • Web Security

    • A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.

    ...more

    Widespread Scans Underway for RCE Bugs in WordPress Websites

    Published: 2020-11-18 21:53:55

    Popularity: 172

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Web Security
  • epsilon framework
  • Hackers
  • internet scans
  • probes
  • RCE
  • remote code execution
  • Security Vulnerabilities
  • site takeover
  • themes
  • WordFence
  • wordpress

    • WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

    ...more

    Doki Backdoor Infiltrates Docker Servers in the Cloud

    Published: 2020-07-30 17:00:13

    Popularity: 265

    Author: Tara Seals

    Keywords:

  • Cloud Security
  • Malware
  • APIs
  • cloud
  • command and control
  • container security
  • DGA
  • Docker
  • Docker Hub
  • dogecoin wallet
  • doki
  • misconfiguration
  • ngrok botnet

    • The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.

    ...more

    Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

    Published: 2020-07-07 14:44:30

    Popularity: 550

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • adc
  • citrix
  • Code Injection
  • critical advisory
  • cve-2020-8187
  • cve-2020-8190
  • cve-2020-8191
  • cve-2020-8193
  • cve-2020-8194
  • cve-2020-8195
  • cve-2020-8196
  • cve-2020-8197
  • cve-2020-8198
  • cve-2020-8199
  • Denial of Service
  • gateway
  • information disclosure
  • Patches
  • security advisory
  • Security Bugs

    • Admins should patch their Citrix ADC and Gateway installs immediately.

    ...more

    Apache Guacamole Opens Door for Total Control of Remote Footprint

    Published: 2020-07-02 16:14:46

    Popularity: 117

    Author: Tara Seals

    Keywords:

  • Cloud Security
  • Vulnerabilities
  • apache guacamole
  • Check Point
  • COVID-19
  • CVE-2020-9497
  • CVE-2020-9498
  • gateway
  • information disclosure
  • RCE
  • remote footprint
  • remote users
  • Security Vulnerabilities
  • takeover
  • work from home

    • Several vulnerabilities can be chained together for a full exploit.

    ...more

    Salt Bugs Allow Full RCE as Root on Cloud Servers

    Published: 2020-05-01 00:09:53

    Popularity: None

    Author: Tara Seals

    🤖: "Cloud fail"

    Researchers say the bugs are easy to exploit and will likely be weaponized within a day.

    ...more

    Billions of Devices Open to Wi-Fi Eavesdropping Attacks

    Published: 2020-02-27 04:07:18

    Popularity: 990

    Author: Tara Seals

    Keywords:

  • Cryptography
  • IoT
  • Mobile Security
  • RSAC
  • Vulnerabilities
  • apple devices
  • Broadcom
  • CVE-2019-15126
  • cypress
  • Encryption
  • kr00k
  • KRACK
  • security flaw
  • vulnerability
  • wi-fi chips

    • The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

    ...more

    Google Sets Record High in Bug-Bounty Payouts

    Published: 2020-01-29 19:56:14

    Popularity: 135

    Author: Tara Seals

    Keywords:

  • Bug Bounty
  • Mobile Security
  • Vulnerabilities
  • Web Security
  • $6.5 million
  • 2019
  • Android
  • annual reward report card
  • bonus
  • bug bounty
  • chrome
  • google
  • payout totals
  • Titan M
  • White Hat

    • After a year of big changes, white hats reaped more from Google's programs than ever before.

    ...more

    D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

    Published: 2019-10-08 18:53:19

    Popularity: None

    Author: Tara Seals

    🤖: "Router hacked"

    CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.

    ...more

    Million+ IoT Radios Open to Hijack via Telnet Backdoor

    Published: 2019-09-10 02:03:15

    Popularity: None

    Author: Tara Seals

    🤖: ""Radio Hack""

    Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

    ...more

    Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

    Published: 2019-07-17 17:29:58

    Popularity: 531

    Author: Tara Seals

    Keywords:

  • IoT
  • Mobile Security
  • Vulnerabilities
  • apple
  • BLE
  • Bluetooth
  • Boston University
  • botnet
  • correlation attacks
  • global tracking
  • information
  • leakage
  • Privacy
  • randomized addresses
  • Research
  • tracking
  • traffic analysis
  • Windows 10

    • Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices -- opening an attack vector.

    ...more

    Linux Kernel Flaw Allows Remote Code-Execution

    Published: 2019-05-14 15:21:17

    Popularity: 362

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • CVE-2019-11815
  • Kernel
  • Linux
  • race condition
  • remote code execution
  • use-after-free
  • vulnerability

    • The bug is remotely exploitable without authentication or user interaction.

    ...more

    Android-Based Sony Smart-TVs Open to Image Pilfering

    Published: 2019-04-25 21:13:31

    Popularity: 304

    Author: Tara Seals

    Keywords:

  • IoT
  • Vulnerabilities
  • Android
  • bravia
  • photo sharing plus
  • sony smart tvs
  • vulnerabilities
  • wifi passwords

    • A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.

    ...more

    Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

    Published: 2019-03-12 15:09:12

    Popularity: 92

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • Microsoft
  • Proof of Concept
  • remote code execution backdoor
  • User Account Control
  • user dialog box
  • vulnerability
  • Windows 10
  • Windows registry

    • Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation.

    ...more

    Dark Web Recruiters Target Insiders and Employees

    Published: 2019-03-07 23:20:57

    Popularity: None

    Author: Tara Seals

    Cybercriminals are recruiting them to help steal data, make illegal trades or otherwise profit.

    ...more

    Ropemaker Allows Attackers to Change the Content of an Email—After It's Delivered

    Published: 2019-03-07 22:53:44

    Popularity: None

    Author: Tara Seals

    An attacker could swap a benign URL with a malicious one, or edit any text in the body of an email.

    ...more

    CryptoMix Variant Can Communicate Offline

    Published: 2019-03-07 22:53:29

    Popularity: None

    Author: Tara Seals

    Error can encrypt files with no network communication

    ...more

    end