New Linux vulnerabilities discovered. Security researchers from jFrog and Claroty reported the discovery of 14 vulnerabilities in the BusyBox Linux utility. BusyBox Linux Vulnerabilities: from CVE-2021-42373 to CVE-2021-42386 What is BusyBox? BusyBox provides commands for embedded Linux environment within Android.…
Robinhood, the commission-free investing platform, has suffered an enormous data breach, according to a statement the company made. Related: Volkswagen Vendor Data Breach Exposed Details of 3.3 Million Customers Late in the evening of November 3, Robinhood experienced a data…
CVE-2021-43267 is a newly disclosed security vulnerability in the Linux Kernel’s Transparent Inter Process Communication (TIPC). The flaw can be exploited both locally and remotely, allowing for arbitrary code execution within the kernel. The result of this would be taking…
CVE-2021-1048 is a new zero-day vulnerability in Android that was fixed together with 38 other flaws in November 2021’s patch rollout. Apparently, the zero-day is being exploited in the wild. CVE-2021-1048 Kernel Zero-Day CVE-2021-1048 is a use-after-free issue in the…
Shrootless, or CVE-2021-30892, is a new, OS-level vulnerability that could allow threat actors to circumvent security restrictions, known as System Integrity Protection (SIP), in macOS to take over the device. Once this is done, hackers could perform various arbitrary operations…
Cybercriminals have been quite active in developing new malware samples and improving their malicious approaches. According to PurpleSec statistics, cybercrime activity throughout 2021 has been up 600% due to the COVID-19 pandemic. As a result, cybersecurity researchers have analyzed some…
A previously unknown malware loader was uncovered this week. Called Wslink, the tool has been described as “simple yet remarkable,” capable of loading malicious Windows binaries. The loader has been used in attacks against Central Europe, North America, and the…
A new malware loader with the potential to become “the next big thing” in spam operations has been detected. Dubbed SquirrelWaffle, the threat is “mal-spamming” malicious Microsoft Office documents. The end goal of the campaign is delivering the well-known Qakbot…
Security researchers detected a global, large-scale premium SMS campaign that leverages 151 malicious Android apps downloaded 10.5 million times. The end goal of the campaign, called UltimaSMS, is to trick users into premium subscription services without their knowledge or consent.…
Mozilla blocked two malicious Firefox add-ons installed by nearly half a million users. The extensions abused the Proxy API to obstruct updates to the browser. Related: The Great Suspender Chrome Extension Contains Malware Bypass and Bypass XM Extensions Obstruct Browser…
Truth Social is a new social media network allegedly being developed by Donald Trump. Trump Announces New Social Media Platform to Fight the Tyranny of Big Tech The former president announced on Wednesday the pending launch of the social network,…
CVE-2021-42299 is a new vulnerability in Microsoft Surface Pro 3 laptops. The flaw could enable attackers to introduce malicious devices within enterprise networks, compromising the device attestation mechanism. As explained by Microsoft, this mechanism helps confirm a device’s identity. It…
The Argentinian government’s IT network has been hacked. As a result, ID card details of the entire population of the country were stolen. The data is now being sold in “private circles,” The Record recently reported. Apparently, the hack of…
The fourth edition of the well-known Tianfu Cup hacking content took place during the weekend of October 17 and 17 in Chengdu. The competition was won by Kunlun Lab, a Chinese cybersecurity company. Kunlun Lab’s team got the monetary award…
A new vulnerability is lurking in unpatched versions of LibreOffice and OpenOffice, making it possible for hackers to manipulate documents to make them look like they have been signed by a trusted source. Even though the vulnerability (CVE-2021-41832 in OpenOffice…
NSA recently released a warning regarding a specific type of attack, known as the ALPACA technique. Shortly said, the Agency is warning network administrators of the risk of using “poorly scoped wildcard Transport Layer Security (TLS) certificates.” NSA’s guidance also…
Security researchers have uncovered a new, previously unseen malware family targeting Linux systems. Dubbed FontOnLake by ESET researchers, and HCRootkit by Avast and Lacework, the malware has rootkit capabilities, advanced design and low prevalence, suggesting that it is primarily meant…
There’s an issue with the popular open-source CAPTCHA software developed by MyBB. The platform is warning its users that the latest version of its software includes a CAPTCHA-breaking bug that could affect forum functionality. MyBB CAPTCHA Bug Explained MyBB is…
Security researchers just reported three security vulnerabilities (CVE-2021-31986, CVE-2021-31987, CVE-2021-31988) in Axis video products, that could be exploited in various attacks against businesses. The flaws are located in Axis IP video surveillance systems and could allow arbitrary code execution. CVE-2021-31986,…
Apache just patched two security vulnerabilities (CVE-2021-41773 and CVE-2021-33193) in Apache HTTP Server 2.4.49, one of which important and the other one moderate. CVE-2021-41773 CVE-2021-41773 is a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. There are…
