Cyber News - Page 14

Home > Cyber News

This category contains informative articles and news.
Cyber News about data breaches, online privacy and security, computer security threats, cybersecurity reports, vulnerability reports. News about the latest malware attacks.
Hot news about the security of Microsoft (Patch Tuesdays), Google, Android, Apple, Linux, and other big companies and software vendors.

CYBER NEWS
software-vulnerability-alert-sensorstechforum

CVE-2022-1680: Critical GitLab Vulnerability Allows Account Takeover

GitLab has discovered and fixed a highly critical vulnerability that could lead to account takeover. Tracked as CVE-2022-1680 and rated 9.9 out of 10 on the CVSS scale, the flaw affects all versions of GitLab Enterprise Edition from 11.10 before…

CYBER NEWS
CVE-2022-26134: Critical RCE Vulnerability in Confluence Server and Data Center

CVE-2022-26134: Critical RCE Vulnerability in Confluence Server and Data Center

CVE-2022-26134 is a new critical unauthenticated remote code execution vulnerability in Confluence Server and Data Center. Atlassian has already confirmed that all supported versions of Confluence Server and Data Center are affected. However, the earliest affected version should be confirmed…

CYBER NEWS
clipminer

ClipMiner Trojan Operation Made $1.7 Million from Crypto Mining and Clipboard Hijacking

Security researchers discovered a malicious operation that made at least $1.7 million from cryptocurrency mining and clipboard hijacking. Unearthed by Symantec’s Threat Hunter Team, the malware in the operation, ClipMiner, shares lots of similarities with the KryptoCibule trojan, and it…

CYBER NEWS
XLoader Malware Now Using Probability Theory to Hide Its C2 Servers

XLoader Malware Now Using Probability Theory to Hide Its C2 Servers

The XLoader, also known as Formbook, malware has now been equipped with new capabilities. Check Point security researchers have observed an enhanced version that has adopted a probability-based method to conceal its command-and-control servers. By implementing this approach, it is…

CYBER NEWS
Vodafone's TrustPid System to Introduce Persistent User Tracking-sensorstechforum

Vodafone’s TrustPid System to Introduce Persistent User Tracking

User tracking has been taken to another level. Vodafone, one of the largest telecommunications corporations in the world, is introducing a new advertising ID system, which is currently being tested in Germany together with Deutsche Telekom. TrustPid System Introduces Persistent…

CYBER NEWS
Microsoft Releases Mitigation Details against CVE-2022-30190 (Follina)

Microsoft Releases Mitigation Details against CVE-2022-30190 (Follina)

Yesterday we reported the emergence of a new zero-day affecting Microsoft Office and other Microsoft products, dubbed Follina by researcher Kevin Beaumont. The issue exists in all currently supported Windows versions, and can be leveraged via Microsoft Office versions 2013…

CYBER NEWS
New Follina Zero-Day in Microsoft Office Puts Businesses at Risk

New Follina Zero-Day in Microsoft Office Puts Businesses at Risk

Follina, now known as CVE-2022-30190 (mitigation is also available), is the name of a new zero-day in Microsoft Office that could be leveraged in arbitrary code execution attacks. The vulnerability was unearthed by the nao_sec research team, following the discovery…

CYBER NEWS
enemybot botnet

Enemybot Botnet Now Exploiting CMS, Web Server and Android Flaws

A new distributed denial-of-service botnet has been detected in the wild. Update. According to a new research released by AT&T, EnemyBot is now quickly adopting “one-day vulnerabilities as part of its exploitation capabilities.” Services such as VMware Workspace ONE, Adobe…

CYBER NEWS
CVE-2022-26082: Vulnerabilities in the Open Automation Software Platform

CVE-2022-26082: Vulnerabilities in the Open Automation Software Platform

Security researchers from cybersecurity firm Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software (OAS) Platform. Vulnerabilities in the Open Automation Software Platform (CVE-2022-26082) The vulnerabilities could be used in various attacks, including denial-of-service caused by improper authentication.…

CYBER NEWS
CVE-2019-6260: Critical Flaw in Quanta Cloud Technology Servers

CVE-2019-6260: Critical Flaw in Quanta Cloud Technology Servers

A new research sheds light on a severe vulnerability that affects Quanta Cloud Technology servers. The vulnerability, known as Pantsdown and CVE-2019-6260, could cause malicious code execution attacks. According to Eclypsium researchers, the flaw was discovered in 2019, affecting multiple…

CYBER NEWS
malvertising-anydesk-app-google-ads-sensorstechforum

ChromeLoader Hijacks Windows and macOS Systems in Malvertising Campaign

Beware a persistent and widespread browser hijacker capable of modifying browser settings and redirecting user traffic to advertisement sites. Security researchers are warning about an increase of ChromeLoader campaigns. The threat was first observed in early February, but is now…

CYBER NEWS
Linux Threat Alert: VMware ESXi Servers Targeted by Cheerscrypt Ransomware

Linux Threat Alert: VMware ESXi Servers Targeted by Cheerscrypt Ransomware

Security researchers discovered a new ransomware family that targets Linux systems. Called Cheerscrypt, the ransomware targets VMware ESXi servers. It is noteworthy that last year two vulnerabilities in the VMWare ESXi product were included in the attacks of at least…

CYBER NEWS
Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux

Malicious Python Package [pymafka] Drops Cobalt Strike on macOS, Windows and Linux

Security researchers detected a “mysterious” malicious Python package that downloads the Cobalt Strike malware on Windows, Linux, and macOS systems. Called “pymafka,” the package masquerades as the legitimate popular library PyKafka, a programmer-friendly Kafka client for Python. According to Sonatype…

CYBER NEWS
CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox

CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox

Mozilla released a new version of its Firefox browser (100.0.2) fixing a set of two critical security vulnerabilities. The patches make this minor update quite significant in importance. Affected versions include Firefox, Firefox ESR, Firefox for Android, and Thunderbird (Firefox…

CYBER NEWS
CVE-2021-22573 is a vulnerability in Google’s OAuth client for Java

CVE-2021-22573: Google OAuth Java Client Vulnerability

CVE-2021-22573 is a vulnerability in Google’s OAuth client for Java, with a severity score of 8.7 out of 10 on the CVSS scale. What Causes the CVE-2021-22573 Vulnerability? The vulnerability stems from the fact that “IDToken verifier does not verify…

CYBER NEWS
UpdateAgent Dropper Returns in New Campaigns Targeting Mac Users

UpdateAgent Dropper Returns in New Campaigns Targeting Mac Users

UpdateAgent is a malware dropper with a well-built infrastructure targeting macOS systems, and it seems that it has been updated once again. According to Jamf Threat Labs, changes were implemented to the dropper, primarily focused on new executables written in…

CYBER NEWS

5 macOS Vulnerabilities that Shouldn’t Be Overlooked

macOS is generally believed to be bulletproof against malware attacks. Unfortunately, statistics reveal a different picture where Apple’s operating system is often found vulnerable. For instance, in 2017 security researchers detected an increase of 28.83 percent of total reported security…

CYBER NEWS
Google Play Plagued by 200 Fake Apps Delivering Facestealer Spyware

Google Play Plagued by 200 Fake Apps Delivering Facestealer Spyware

A new report sheds some light on an extensive fake Android app campaign that distributes the Facestealer spyware. New Campaign of Fake Android Apps Delivers Facestealer Spyware First documented in July 2021, the malware is designed to steal logins and…

CYBER NEWS
CVE-2022-22675: Zero-Day Vulnerability in macOS and watchOS

CVE-2022-22675: Zero-Day Vulnerability in macOS and watchOS

A zero-day vulnerability in Macs and Apple watches has been fixed. The vulnerability, assigned the CVE-2022-22675 number, could have been exploited in the wild, Apple said. The flaw was most probably used in targeted attacks. However, applying the update immediately…

CYBER NEWS
Eternity Project Malware-as-a-Service Sold on Telegram

Eternity Project Malware-as-a-Service Sold on Telegram

Eternity Project is the name of a malware toolkit which is currently in active development and is being sold as malware-as-a-service. Researchers are still unaware of the threat actor selling the malware that enables amateur hackers to get hold of…

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree