Linkstrain-ng Slideshow

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

...more

China-linked APT Flew Under Radar for Decade

Published: 2022-06-17 13:34:04

Popularity: 57

Author: Nate Nelson

Keywords:

Government

Evidence suggests that a just-discovered APT has been active since 2013.

...more

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Published: 2022-05-19 13:03:37

Popularity: 238

Author: Elizabeth Montalbano

Keywords:

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

...more

Snake Keylogger Spreads Through Malicious PDFs

Published: 2022-05-23 12:07:56

Popularity: 307

Author: Elizabeth Montalbano

Keywords:

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

...more

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

Published: 2022-05-04 10:27:47

Popularity: 97

Author: Elizabeth Montalbano

Keywords:

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.

...more

Millions of Java Apps Remain Vulnerable to Log4Shell

Published: 2022-04-27 12:11:25

Popularity: 70

Author: Elizabeth Montalbano

Keywords:

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

...more

Lapsus$ Hackers Target T-Mobile

Published: 2022-04-25 13:32:43

Popularity: 170

Author: Threatpost

Keywords:

Breach

No government and customer data was accessed.

...more

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

Published: 2022-03-29 20:33:08

Popularity: 52

Author: Lisa Vaas

Keywords:

Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

...more

20K WordPress Sites Exposed by Insecure Plugin REST-API

Published: 2022-01-21 18:19:37

Popularity: 34

Author: Becky Bracken

Keywords:

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

...more

BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released

Published: 2021-11-05 17:00:57

Popularity: 932

Author: Lisa Vaas

Keywords:

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

...more

Zoho Password Manager Flaw Torched by Godzilla Webshell

Published: 2021-11-08 16:38:05

Popularity: 36

Author: Lisa Vaas

Keywords:

Researchers have spotted a second, worldwide campaign exploiting the Zoho zero-day: one that’s breached defense, energy and healthcare organizations.

...more

Android Patches Actively Exploited Zero-Day Kernel Bug

Published: 2021-11-02 17:20:42

Popularity: 49

Author: Lisa Vaas

Keywords:

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.

...more

Twitter Suspends Accounts Used to Snare Security Researchers

Published: 2021-10-18 16:23:21

Popularity: 88

Author: Lisa Vaas

Keywords:

The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.

...more

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Published: 2021-10-01 20:08:23

Popularity: 191

Author: Lisa Vaas

Keywords:

Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.

...more

Apple AirTag Zero-Day Weaponizes Trackers

Published: 2021-09-29 20:48:33

Popularity: 177

Author: Tara Seals

Keywords:

Apple's personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.

...more

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

Published: 2021-09-14 21:02:49

Popularity: 44

Author: Tom Spring

Keywords:

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.

...more

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

Published: 2021-09-09 14:30:56

Popularity: 115

Author: Lisa Vaas

Keywords:

Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.

...more

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

Published: 2021-09-09 16:39:13

Popularity: 147

Author: Tara Seals

Keywords:

Cloud Security

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

...more

Thousands of Fortinet VPN Account Credentials Leaked

Published: 2021-09-09 22:49:27

Popularity: 39

Author: Lisa Vaas

Keywords:

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.

...more

Kerberos Authentication Spoofing: Don’t Bypass the Spec

Published: 2021-08-18 13:19:15

Popularity: 1210

Author: Yaron Kassner

Keywords:

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.

...more

Microsoft Warns: There's Another Unpatched PrintNightmare Zero-Day

Published: 2021-08-12 20:10:33

Popularity: None

Author: Tara Seals

🤖: ""Printer fails""

The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.

...more

Pro-Trump ‘Gettr’ Social Platform Hacked On Day One

Published: 2021-07-07 03:27:13

Popularity: 114

Author: Lisa Vaas

Keywords:

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online.

...more

Microsoft Signs Malware That Spreads Through Gaming

Published: 2021-06-28 16:36:45

Popularity: 221

Author: Lisa Vaas

Keywords:

The driver, called "Netfilter," is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers' geo-locations to cheat the system and play from anywhere, Microsoft said.

...more

Critical VMware Carbon Black Bug Allows Authentication Bypass

Published: 2021-06-24 15:31:31

Popularity: 74

Author: Lisa Vaas

Keywords:

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

...more

Google Patches Critical Android RCE Bug

Published: 2021-06-08 19:02:25

Popularity: 68

Author: Tara Seals

Keywords:

Google's June security bulletin addresses 90+ bugs in Android and Pixel devices.

...more

Apple’s ‘Find My’ Network Exploited via Bluetooth

Published: 2021-05-14 11:00:02

Popularity: None

Author: Anonymous

🤖: "Bluetooth hijack"

The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers.

...more

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

Published: 2021-05-12 11:19:06

Popularity: None

Author: Tom Spring

🤖: "Acrobat Crash"

A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.

...more

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

Published: 2021-03-18 15:52:29

Popularity: 268

Author: Lindsey O'Donnell

Keywords:

A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords.

...more

Tutor LMS for WordPress Open to Info-Stealing Security Holes

Published: 2021-03-18 11:50:44

Popularity: 113

Author: Tara Seals

Keywords:

The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

...more

Adobe Critical Code-Execution Flaws Plague Windows Users

Published: 2021-03-10 11:55:14

Popularity: None

Author: None

🤖: "Crashing windows"

The critical flaws exist in Adobe Framemaker, Connect and the Creative Cloud desktop application for Windows.

...more

Critical WordPress Plugin Flaw Allows Site Takeover

Published: 2021-02-08 21:11:57

Popularity: 124

Author: Lindsey O'Donnell

Keywords:

A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.

...more

Attackers Exploit Critical Adobe Flaw to Target Windows Users

Published: 2021-02-09 19:40:47

Popularity: 643

Author: Lindsey O'Donnell

Keywords:

A critical vulnerability in Adobe Reader has been exploited in "limited attacks."

...more

Misconfigured Baby Monitors Allow Unauthorized Viewing

Published: 2021-02-16 16:50:35

Popularity: 302

Author: Tara Seals

Keywords:

Hundreds of thousands of individuals are potentially affected by this vulnerability.

...more

Intel Squashes High-Severity Graphics Driver Flaws

Published: 2021-02-10 15:16:15

Popularity: 125

Author: Lindsey O'Donnell

Keywords:

Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.

...more

Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

Published: 2021-02-05 22:20:20

Popularity: 133

Author: Tara Seals

Keywords:

An CRSF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users.

...more

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

Published: 2021-02-03 11:00:21

Popularity: 261

Author: Tara Seals

Keywords:

The by-now infamous company has issued patches for three security vulnerabilities in total.

...more

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

Published: 2021-01-27 20:32:55

Popularity: 440

Author: Tara Seals

Keywords:

Critical Infrastructure

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.

...more

ADT Security Camera Flaws Open Homes to Eavesdropping

Published: 2021-01-27 18:05:51

Popularity: 227

Author: Lindsey O'Donnell

Keywords:

Privacy

Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.

...more

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Published: 2021-01-27 12:21:28

Popularity: 1153

Author: Elizabeth Montalbano

Keywords:

An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.

...more

Google Warns of Critical Android Remote Code Execution Bug

Published: 2021-01-05 20:21:40

Popularity: 394

Author: Lindsey O'Donnell

Keywords:

android security update

Samsung

Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.

...more

Widespread Scans Underway for RCE Bugs in WordPress Websites

Published: 2020-11-18 21:53:55

Popularity: 172

Author: Tara Seals

Keywords:

RCE

Security Vulnerabilities

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

...more

High-Severity Android RCE Flaw Fixed in August Security Update

Published: 2020-08-05 16:14:26

Popularity: 124

Author: Lindsey O'Donnell

Keywords:

Android

Android operating system

google

high severity flaw

Qualcomm

RCE

Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.

...more

Doki Backdoor Infiltrates Docker Servers in the Cloud

Published: 2020-07-30 17:00:13

Popularity: 265

Author: Tara Seals

Keywords:

DGA

The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.

...more

Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes

Published: 2020-07-30 21:40:31

Popularity: 146

Author: Lindsey O'Donnell

Keywords:

incorrect passcode check

Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.

...more

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Published: 2020-07-07 14:44:30

Popularity: 550

Author: Tara Seals

Keywords:

adc

information disclosure

Patches

security advisory

Security Bugs

Admins should patch their Citrix ADC and Gateway installs immediately.

...more

Apache Guacamole Opens Door for Total Control of Remote Footprint

Published: 2020-07-02 16:14:46

Popularity: 117

Author: Tara Seals

Keywords:

information disclosure

RCE

remote footprint

remote users

Security Vulnerabilities

takeover

work from home

Several vulnerabilities can be chained together for a full exploit.

...more

Adobe Patches 18 Critical Flaws in Out-Of-Band Update

Published: 2020-06-16 19:29:09

Popularity: 205

Author: Lindsey O'Donnell

Keywords:

critical vulnerability

Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition.

...more

Critical Intel Flaws Fixed in Active Management Technology

Published: 2020-06-10 18:37:53

Popularity: 138

Author: Lindsey O'Donnell

Keywords:

intel security update

Security

Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update.

...more

Zoom Restricts End-to-End Encryption to Paid Users

Published: 2020-06-04 17:02:34

Popularity: 372

Author: Lindsey O'Donnell

Keywords:

Privacy

End to end encryption

FBI

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement.

...more

Salt Bugs Allow Full RCE as Root on Cloud Servers

Published: 2020-05-01 00:09:53

Popularity: None

Author: Tara Seals

🤖: "Cloud fail"

Researchers say the bugs are easy to exploit and will likely be weaponized within a day.

...more

Critical GitLab Flaw Earns Bounty Hunter $20K

Published: 2020-04-30 00:05:53

Popularity: None

Author: None

🤖: "Vulnerable code"

A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute code.

...more

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

Published: 2020-02-27 04:07:18

Popularity: 990

Author: Tara Seals

Keywords:

annual reward report card

The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

...more

Google Sets Record High in Bug-Bounty Payouts

Published: 2020-01-29 19:56:14

Popularity: 135

Author: Tara Seals

Keywords:

After a year of big changes, white hats reaped more from Google's programs than ever before.

...more

Hacker Leaks More Than 500K Telnet Credentials for IoT Devices

Published: 2020-01-21 11:57:20

Popularity: 568

Author: Elizabeth Montalbano

Keywords:

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.

...more

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers

Published: 2019-12-13 18:33:39

Popularity: 743

Author: Tom Spring

Keywords:

authentication bypass

One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.

...more

D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

Published: 2019-10-08 18:53:19

Popularity: None

Author: Tara Seals

🤖: "Router hacked"

CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.

...more

DoorDash Data Breach Impacts Personal Data of Almost 5M Users

Published: 2019-09-26 21:34:14

Popularity: 436

Author: Lindsey O'Donnell

Keywords:

Accessed information includes delivery addresses, license numbers, names, phone numbers and more.

...more

Million+ IoT Radios Open to Hijack via Telnet Backdoor

Published: 2019-09-10 02:03:15

Popularity: None

Author: Tara Seals

🤖: ""Radio Hack""

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

...more

Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

Published: 2019-07-17 17:29:58

Popularity: 531

Author: Tara Seals

Keywords:

BLE

Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices -- opening an attack vector.

...more

Amazon Admits Alexa Voice Recordings Saved Indefinitely

Published: 2019-07-03 14:40:59

Popularity: 1920

Author: Lindsey O'Donnell

Keywords:

voice assistant devices

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

...more

FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps

Published: 2019-06-28 15:14:43

Popularity: 259

Author: Lindsey O'Donnell

Keywords:

MiniMed Paradigm series insulin pumps

FDA

Medical device security

Medtronic

MiniMed 508 insulin pump

MiniMed insulin pumps

The FDA sent out an urgent advisory warning of serious flaws in Medtronic's insulin pumps, which are used by thousands across the U.S.

...more

MongoDB Leak Exposed Millions of Medical Insurance Records

Published: 2019-06-28 19:52:31

Popularity: 257

Author: Lindsey O'Donnell

Keywords:

medicaresupplement.com

mongodb database

Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com.

...more

Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

Published: 2019-06-12 13:25:43

Popularity: 168

Author: Lindsey O'Donnell

Keywords:

Next Unit of Computing

NUC

Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.

...more

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

Published: 2019-06-03 12:28:42

Popularity: 1233

Author: Tom Spring

Keywords:

synthetic mouse clicks

zero-day

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.

...more

Linux Kernel Flaw Allows Remote Code-Execution

Published: 2019-05-14 15:21:17

Popularity: 362

Author: Tara Seals

Keywords:

use-after-free

The bug is remotely exploitable without authentication or user interaction.

...more

Google Titan Security Key Recalled After Bluetooth Pairing Bug

Published: 2019-05-15 20:01:32

Popularity: 331

Author: Lindsey O'Donnell

Keywords:

Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.

...more

High-Severity PrinterLogic Flaws Allow Remote Code Execution

Published: 2019-05-07 01:31:10

Popularity: None

Author: None

🤖: "Printer bomb detonated"

The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.

...more

New 'Sodinokibi' Ransomware Exploits Critical Oracle WebLogic Flaw

Published: 2019-04-30 23:38:56

Popularity: None

Author: None

A recently-patched critical flaw in Oracle WebLogic is being actively exploited to peddle a new ransomware variant, which researchers call "Sodinokibi."

...more

Android-Based Sony Smart-TVs Open to Image Pilfering

Published: 2019-04-25 21:13:31

Popularity: 304

Author: Tara Seals

Keywords:

A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.

...more

Rogue Waves: Preparing the Internet for the Next Mega DDoS Attack

Published: 2019-04-15 12:07:03

Popularity: 242

Author: Tony Lauro

Keywords:

QCF

Why many attack techniques can be reused – but organizations can't defend against them.

...more

Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

Published: 2019-03-12 15:09:12

Popularity: 92

Author: Tara Seals

Keywords: