New Oracle WebLogic Server vulnerabilities were just reported with the Critical Patch Update for July 2021. 342 issues were fixed across multiple Oracle products, some of which remotely exploitable and enabling attackers to take control of vulnerable systems. CVE-2019-2729 in…
Formbook is an old infostealer, more exactly form-stealer, and keylogger that has now added Mac users to its target list. Apparently, the malware is being sold for as little as $49 on underground forums, enabling cybercriminals to perform various malicious…
A new, highly severe privilege escalation vulnerability in HP printer drivers, also used by Samsung and Xerox, was just disclosed. The vulnerability, which has been assigned the CVE-2021-3438 identifier, affects hundreds of millions of Windows machines. What is most concerning…
A new severe security vulnerability in Windows 10 has been uncovered. Called HiveNightmare, the vulnerability has been assigned the CVE-2021-36934 identifier. HiveNightmare: CVE-2021-36934 Windows 10 Version 1809 (and Newer) Vulnerability What type of vulnerability is HiveNightmare? According to Microsoft’s official…
The latest news shared by one of the social media giants – Facebook, states that the company had suspended the accounts of 200 Iranian hackers who had been running a cyber-spying operation against people working for the U.S. military and…
Microsoft Windows July 2021 Patch Tuesday just rolled out, patching 12 critical security vulnerabilities in a total of 116 issues. It is noteworthy that three of the issues addressed this month were actively exploited in the wild. These bugs include…
There is a new security zero-day vulnerability (CVE-2021-35211) threatening SolarWinds, or more particularly, its Serv-U product line. The exploit was discovered and reported to SolawWinds by Microsoft. According to the official advisory, the newly disclosed zero-day “only affects affects Serv-U…
Security researchers reported several vulnerabilities in Philips Clinical Collaboration Platform Portal. Vulnerabilities in Philips Clinical Collaboration Platform Portal The vulnerabilities, 15 in total, could be used to take control of medical devices. According to an official CISA advisory, the flaws…
Security researchers just disclosed four vulnerabilities in the Sage X3 ERP platform (enterprise resource planning). One of the flaws is critical, with a score of 10 out of 10 on the CVSS scale. Furthermore, two of them could be chained…
Security researchers recently reported a vulnerability in Western Digital MyBook Live network storage drives. The vulnerability allowed remote attacker to wipe the drives “thanks to a bug in a product line the company stopped supporting in 2015, as well as…
Last week, the REvil ransomware gang carried out an unprecedented supply chain ransomware attack against customers of Kaseya’s VSA product. Update July 6, 2021: Even though the REvil cyber gang claims to have infected 1 million systems running Kaseya services, federal…
A new ransomware family was just discovered by security researchers. Called Diavol, the new ransomware was uncovered at the beginning of June, when Fortinet prevented a ransomware attack targeting one of its customers. After successfully halting the attack, the researchers…
Security researchers discovered a nameless malware campaign that stole 1.2 terabytes of personal information from 3.25 million Windows systems. As evident by screenshots the malware took, the campaign took place between 2018 and 2020, when a trojan sneaked into users’…
A series of security flaws were recently discovered by Microsoft in Netgear routers. The flaws could lead to data leaks and full system takeovers. Fortunately, the vulnerabilities were patched prior to public disclosure. How Microsoft discovered the Netgear firmware vulnerabilities…
CVE-2021-1675 is a critical Windows vulnerability with an available proof-of-concept that could enable remote attackers execute code. The PoC code was shared on GitHub earlier this week, and taken down within a few hours. However, these few hours were enough…
There’s a vulnerability in Google’s Compute engine platform that attackers could exploit to obtain control of virtual machines over the network. The discovery comes from security researcher Imre Rad who published an analysis on GitHub. He reported about “an unpatched…
The data of 700 million LinkedIn users has been compromised, according to a new report by Privacy Sharks. The researchers came across the data records on a popular underground forum where it was offered for sale. 700 Million LinkedIn Records…
Microsoft recently document an intriguing cybersecurity accident involving a threat actor that distributed malicious drivers across gaming environments. The Netfilter Driver: a Threat to the Gaming Community Evidently, the threat actor submitted a specific driver called Netfilter, built by a…
Security researchers just reported the discovery of a new malware they called Crackonosh. The malware was uncovered by Avast researchers after they received reports from reddit users saying that their AV programs were missing from their systems. Crackonosh Malware in…
Critical Vulnerability in VMware’s Carbon Black App Control There’s a vulnerability in VMware’s Carbon Black App Control management server. Rated 9.4 according to the CVSS scale, the severe flaw could grant threat actors with admin rights without any authentication. This…
