CVE-2021-21985 is a critical vulnerability in VMware vCenter that needs to be patched immediately. The vulnerability has been rated with a CVSS score of 9.8 out of 10, and it could enable a malicious actor to execute arbitrary code on…
A team of security researchers identified a new type of attack that endangers Bluetooth devices. The vulnerabilities are located in Bluetooth Core and Mesh Profile Specifications, and could help attackers conceal their endeavours as legitimate devices to perform man-in-the-middle attacks.…
How private are Android apps? Security researchers discovered 23 mobile applications leaking the personal data of their users, and making it public to the open internet. According to a new Check Point research, chat messages, emails, locations, passwords, photos, and…
The adoption of cloud collaboration tools in organizations has increased, and so has the interest of hackers. According to a new research by Proofpoint, there has been an acceleration in threat actors exploiting Microsoft and Google’s cloud infrastructure to host…
Earlier this month, four security vulnerabilities in Qualcomm Graphics and Arm Mali GPU Driver that affected Android were patched. Since it is highly likely that the vulnerabilities were exploited in the wild, Google had to update its security bulletin. Four…
A recent announcement on the official Google blog revealed that the company has upgraded the functionalities of its Chrome browser. The Chrome password manager built-in tool which stores users’ login credentials for different sites has been set to detect security…
Here’s an illustrious example of irony in the cybersecurity field. Last week the French branch of cyberinsurance company AXA said it would no longer write policies to cover ransomware payments. Shortly after this announcement, the company’s operations in Thailand, Malaysia,…
Cybersecurity researchers just revealed a new dangerous banking trojan originating from Brazil and targeting Android users in Spain, Portugal, France, and Italy. Called Bizarro, the trojan is attempting to steal login credentials from customers of 70 banks. “Following in the…
The DarkSide ransomware group, known for the attack against Colonial Pipeline, has a new victim – a subsidiary of Japanese tech company Toshiba. The company has admitted to being a victim of a security breach caused by the DarkSide ransomware.…
Security researchers outlined a new ransomware trend that they have been observing – triple extortion. According to Check Point’s latest ransomware report, ransomware operators are now relying on the so-called triple extortion, where they are demanding ransom payments from the…
News reports indicate that Colonial Pipeline paid a ransom in the amount of $5 million to the DarkSide ransomware collective. The devastating attack has also created volatility in the fuel prices in the East Coast. Colonial Pipeline Pays Ransom “The…
To the attention of owners of Apple’s macOS and iOS devices: the Find My device function has been found vulnerable. The vulnerability could be exploited to transfer data to and from random passing devices, even without being connected to the…
Security researchers reported that an Object Injection Vulnerability is found in WordPress. The vulnerability impact has been rated as “critical” by the National Vulnerability Database. WordPress users should patch their sites as soon as possible. The Critical Object Injection Vulnerability…
Security researchers just reported a new type of cyberattack that endangers the security of Wi-Fi devices. Known as FragAttacks, or fragmentation and aggregation attacks, the threat is a collection of new security flaws affecting Wi-Fi devices. Discovered by Mathy Vanhoef…
Did you install the latest batch of updates from Microsoft’s May 2021 Patch Tuesday? If you haven’t, you should do it as soon as possible, as it contains fixes for four critical security flaws. May 2021 Patch Tuesday Overall, this…
Few days ago, Colonial Pipeline’s networks in the United States were hit by a ransomware attack that created an unprecedented chaos. Following the devastating incident, the U.S. Federal Motor Carrier Safety Administration, shortly known as FMCSA issued a regional emergency…
Another set of patches addressing critical security vulnerabilities was just released by Cisco. Vulnerabilities in Cisco SD-WAN vManage Software Some of the vulnerabilities affect the company’s SD-WAN vManage software. “Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated,…
Security researchers recently observed a new information stealer (infostealer) malware. Called Panda Stealer, the malware is distributed via spam emails mostly in the US, Australia, Japan, and Germany. Trend Micro’s research shows that Panda Stealer is also utilizing fileless techniques…
This week, Apple addressed a couple of security flaws that have been exploited in the wild. The vulnerabilities, known as CVE-2021-30665 and CVE-2021-30663 affect WebKit in macOS Big Sur. What Is CVE-2021-30665? The vulnerability is a memory corruption issue that…
A sample of Linux malware has been circling the web for at least three years without being detected. The discovery comes from security firm Qihoo 360 NETLAB. “On March 25, 2021, 360 NETLAB’s BotMon system flagged a suspiciousELF file with…
