Apple has released fixes addressing 37 software vulnerabilities in its operating systems iOS, iPadOS, macOS, tvOS, and watchOS. The flaws affect different parts of iOS and macOS and could be used for escalation of privilege, arbitrary code execution, information disclosure…
A new macOS backdoor is making rounds in the wild in targeted attacks aiming to steal sensitive information. CloudMensis macOS Backdoor: What’s Known So Far The backdoor, called CloudMensis, is exclusively using public cloud storage services to communicate with the…
Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) detailed a large-scale phishing campaign that utilized the so-called adversary-in-the-middle (AiTM) phishing sites. The sites were deployed to harvest passwords, hijack sign-in sessions, and skip authentication processes, including MFA…
Microsoft recently disclosed a macOS vulnerability, identified as CVE-2022-26706, that could allow specially crafted codes to escape the App Sandbox and run unrestricted. The findings have been shared with Apple via the Coordinated Vulnerability Disclosure and Microsoft Security Vulnerability Research…
CVE-2021-22048 is a high-severity privilege escalation vulnerability in the VMware vCenter Server IWA mechanism, which also affects the Cloud Foundation hybrid platform. Eight months after the vulnerability was disclosed, the company released a patch for one of the affected versions.…
Axie Infinity is a popular blockchain gaming platform which was involved in a large hacking incident resulting in the loss of $540 million in cryptocurrency. The platform is a non-fungible token-based online video game developed by Vietnamese studio Sky Mavis,…
CVE-2022-34265 is a new high severity vulnerability in the Django project, an open-source Python-based web framework. The vulnerability has been reported by Takuto Yoshikai from Aeye Security Lab. CVE-2022-34265: Short Technical Overview The vulnerability has been fixed in Django 4.0.6…
YTStealer is a new malware designed to steal YouTube authentication cookies. Discovered by Intezer researchers, the malware, which is based on the Chacal open-source GitHub project, operates as a typical stealer. Once installed, its first goal is performing environment checks…
Security researchers discovered a new sandbox evasion technique. Called API hammering, the technique involves the use of a large number of calls to Windows APIs to achieve an extended sleep condition. The latter helps to evade detection in sandbox environments.…
Cybersecurity researchers detected a new malware tool that helps threat actors build malicious Windows shortcut files, known as .LNK files. Quantum LNK Builder and the Use of .lnk Files Dubbed Quantum Lnk Builder, the tool is currently being offered for…
CVE-2019-11043 is a critical, three-year-old PHP vulnerability that currently exposes QNAP NAS devices. CVE-2019-11043 Technical Overview The vulnerability affects PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config. According to its technical profile,…
CVE-2022-22620 is a security vulnerability in Apple’s Safari browser which has been exploited in the wild. Originally patched in 2013, the flaw re-emerged in December 2016, Maddie Stone from Google Project Zero said in her analysis. The researcher referred to…
CVE-2022-25845 is a high-severity security flaw (rating 8.1 out of 10 on the CVSS scale) in the well-known Fastjson library which could be used in remote code execution attacks. Fortunately, the vulnerability is already patched. The vulnerability stems from deserialization…
Hertzbleed is a new family of side-channel attacks associated with frequency side channels that may allow information disclosure. The issue was discovered and detailed by a group of researchers from University of Texas, University of Washington, and University of Illinois…
Microsoft’s June 2022 Patch Tuesday has rolled out, containing fixes for 55 vulnerabilities, including the infamous Follina flaw. Until today, only a mitigation was available for the CVE-2022-30190 Microsoft Office zero-day which could be leveraged in arbitrary code execution attacks.…
PureCrypter is a new malware loader currently being developed by a threat actor known as PureCoder. The loader is fully-featured and has been sold in underground markets since at least March 2021, according to a new report by Zscaler researchers.…
Here’s an example of an actively exploited vulnerability which is now used by ransomware operators: CVE-2022-26134. This is indeed the critical Atlassian unauthenticated remote code execution vulnerability in its Confluence Server and Data Center. The vulnerability ensures initial access to…
HelloXD is the name of a relatively new ransomware family which has been carrying out double extortion attacks since November 2021. The ransomware has multiple variants that impact both Windows and Linux systems. What distinguishes HelloXD from other, similar ransomware…
A team of MIT CSAIL researchers recently disclosed PACMAN, “a novel hardware attack that can bypass Pointer Authentication (PAC) on the Apple M1 CPU.” The attack is based on speculative execution attacks to circumvent a central memory protection mechanism, known…
Symbiote, discovered by Blackberry researchers, is a new Linux malware designed to infect all running processes on infected machines. The malware is capable of stealing account credentials and providing backdoor access to its operators. A Look into Symbiote Linux Malware…
