Cyber News - Page 4

Home > Cyber News

This category contains informative articles and news.
Cyber News about data breaches, online privacy and security, computer security threats, cybersecurity reports, vulnerability reports. News about the latest malware attacks.
Hot news about the security of Microsoft (Patch Tuesdays), Google, Android, Apple, Linux, and other big companies and software vendors.

CYBER NEWS
UNC4990 Threat Group Exploits USB Devices and Legitimate Platforms

UNC4990 Threat Group Exploits USB Devices and Legitimate Platforms

Cybersecurity firm Mandiant recently uncovered a financially motivated threat actor, UNC4990, utilizing USB devices for initial infections. The group is exploiting legitimate online platforms such as GitHub, Vimeo, and Ars Technica. The threat actor cleverly hides encoded payloads within seemingly…

CYBER NEWS
CVE-2022-48618 Apple Flaw in macOS, iOS Actively Exploited

CVE-2022-48618: Apple Flaw in macOS, iOS Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a high-severity flaw to its Known Exploited Vulnerabilities (KEV) catalog, affecting a spectrum of Apple devices, including iOS, iPadOS, macOS, tvOS, and watchOS. CVE-2022-48618: Technical Overview Tracked as CVE-2022-48618 with…

CYBER NEWS
CVE-2024-0402 Critical File Writing Vulnerability in GitLab

CVE-2024-0402: Critical File Writing Vulnerability in GitLab

A vulnerability has been identified in GitLab CE/EE, impacting all versions from 16.0 to 16.5.8, 16.6 to 16.6.6, 16.7 to 16.7.4, and 16.8 to 16.8.1. This flaw enables authenticated users to write files to any location on the GitLab server…

CYBER NEWS
CVE-2023-6246

CVE-2023-6246: GNU C Flaw Exposes Linux to Local Privilege Escalation

A newly disclosed security vulnerability in the GNU C library (glibc) has raised significant concerns within the cybersecurity community. Tracked as CVE-2023-6246, this heap-based buffer overflow flaw has the potential to allow malicious local attackers to obtain full root access…

CYBER NEWS
Meet Faust the Latest Phobos Ransomware Variant-min

Meet Faust: the Latest Phobos Ransomware Variant

In a recent discovery by Fortinet FortiGuard Labs, a new iteration of the Phobos ransomware family, known as Faust, has been detected in the wild. More particularly, the researchers came across an Office document housing a VBA script designed to…

CYBER NEWS
NSA Admits to Purchasing Internet Browsing Records of US Citizens

NSA Admits to Purchasing Internet Browsing Records of US Citizens

The U.S. National Security Agency (NSA) has confirmed its practice of buying internet browsing records from data brokers, raising concerns about potential privacy violations. According to U.S. Senator Ron Wyden, the NSA’s admission came as part of efforts to identify…

CYBER NEWS
CVE-2024-20253 Critical Code Execution Flaw in Cisco Products-min

CVE-2024-20253: Critical Code Execution Flaw in Cisco Products

Cisco has recently issued patches to rectify a critical security vulnerability affecting Unified Communications and Contact Center Solutions products, presenting a potential risk of arbitrary code execution by an unauthenticated, remote attacker. Vulnerability Details (CVE-2024-20253) The flaw, tracked as CVE-2024-20253…

CYBER NEWS
CherryLoader Not Your Average Go-based Malware Loader

CherryLoader: Not Your Average Go-based Malware Loader

A new Go-based malware loader named CherryLoader has surfaced in the wild, posing a significant threat by delivering additional payloads onto compromised hosts for subsequent exploitation. CherryLoader Malware Loader in Detail CherryLoader operates deceptively, disguising itself as the legitimate CherryTree…

CYBER NEWS
Cracked macOS Apps Deliver Infostealers that Drain Crypto Wallets

Cracked macOS Apps Deliver Infostealers that Drain Crypto Wallets

Cybersecurity experts from Kaspersky have uncovered a sophisticated method employed by hackers to deliver information-stealing malware to macOS users. This insidious campaign employs a stealthy approach, utilizing DNS records to conceal malicious scripts and target users of macOS Ventura and…

CYBER NEWS
40,000 Attacks Targeting CVE-2023-22527 in the Wild

40,000 Attacks Targeting CVE-2023-22527 in the Wild

Malicious actors swiftly seized upon a recently exposed critical security vulnerability affecting Atlassian Confluence Data Center and Confluence Server, launching active exploitation campaigns within a mere three days of its public disclosure. Threat Actors Weaponizing CVE-2023-22527 Identified as CVE-2023-22527 with…

CYBER NEWS
CVE-2023-35081 Critical Flaw in Ivanti EPMM

CVE-2023-35081: Critical Flaw in Ivanti EPMM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core, adding it to the Known Exploited Vulnerabilities catalog. CVE-2023-35081: Disclosure and Overview The vulnerability, identified as CVE-2023-35082 with…

CYBER NEWS
TensorFlow CI CD Flaws Create Risk of Supply Chain Attacks-min

TensorFlow CI/CD Flaws Create Risk of Supply Chain Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered within the widely-used TensorFlow machine learning framework raise concerns about potential supply chain attacks. TensorFlow Vulnerabilities and the Risk of Supply Chain Attacks Praetorian researchers Adnan Khan and John Stawinski highlighted vulnerabilities…

CYBER NEWS
Mac Malware Trends 2024 macOS Infostealers Evading XProtect-min

Mac Malware Trends 2024: macOS Infostealers Evading XProtect

A concerning trend has emerged on the macOS platform. Multiple information stealers have showcased a remarkable ability to outsmart detection, even in the face of frequent monitoring and reporting by security companies. XProtect, macOS’s built-in anti-malware system, is designed to…

CYBER NEWS
MyFlaw Vulnerability in Opera Browser Allows Code Execution on Windows and macOS-min

MyFlaw Vulnerability in Opera Browser Allows Code Execution on Windows and macOS

Guardio Labs’ research team has recently unearthed a critical zero-day vulnerability in the widely used Opera web browser family. This vulnerability, codenamed MyFlaw, poses a significant threat as it enables attackers to execute malicious files on both Windows and MacOS…

CYBER NEWS
CVE-2023-49722 Bosch Thermostats and Nutrunners Open to Attacks

CVE-2023-49722: Bosch Thermostats and Nutrunners Open to Attacks

Romanian cybersecurity firm Bitdefender has unveiled multiple security vulnerabilities in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. If successfully exploited, these vulnerabilities could empower attackers to execute arbitrary code on the affected systems, raising concerns about the potential compromise…

CYBER NEWS
CVE-2023-7028 gitlab critical flaw-min

CVE-2023-7028: GitLab Fixes Critical Account-Hijacking Flaws

GitLab has released crucial security updates for both its Community and Enterprise Editions to counteract two critical vulnerabilities. One of these vulnerabilities has the potential for account hijacking with no user interaction, posing a significant threat to organizations relying on…

CYBER NEWS
CVE-2024-20272 Critical Flaw in Cisco Unity Connection-min

CVE-2024-20272: Critical Flaw in Cisco Unity Connection

Cisco has recently addressed a critical security flaw in its Unity Connection. Unity Connection is a fully virtualized messaging and voicemail solution designed for various platforms, including email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, and tablets.…

CYBER NEWS
CVE-2023-51467 in Apache OfBiz Puts Enterprises at Risk-min

CVE-2023-51467 in Apache OfBiz Puts Enterprises at Risk

Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system, has fallen prey to a newly unearthed zero-day security vulnerability. This flaw, identified as CVE-2023-51467, resides within the login functionality of the system, creating a potential avenue for threat actors to…

CYBER NEWS
BlackCat Ransomware Is Dead, Free Decryption Key Released-min

BlackCat Ransomware Is Dead, Free Decryption Key Released

The U.S. Justice Department (DoJ) has officially dismantled the notorious BlackCat ransomware operation, presenting a decryption tool to over 500 victims to recover their files encrypted by the malicious software. Court documents reveal that the U.S. Federal Bureau of Investigation…

CYBER NEWS
In 2023, Microsoft Addressed More Than 900 Flaws

In 2023, Microsoft Addressed More Than 900 Flaws

Microsoft’s December 2023 Patch Tuesday: Wrapping Up the Year Microsoft bids farewell to 2023 with its final Patch Tuesday updates, addressing 33 flaws in its software. Remarkably, this release marks one of the lighter ones in recent years, featuring four…

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree