Apps in Beta Mode Should Be Avoided The FBI has released an advisory urging consumers to avoid downloading apps labeled as being in beta test mode, as these apps might be linked to scams designed to illicitly acquire cryptocurrency and…
In a concerning development, an unidentified threat actor has unleashed a new variant of the Yashma ransomware, initiating a string of attacks on diverse entities across English-speaking countries, Bulgaria, China, and Vietnam. These malicious activities have been ongoing since June…
Adobe has recently issued a fresh set of updates to rectify an incomplete fix for a recently revealed vulnerability in ColdFusion, which has been actively exploited in real-world scenarios. CVE-2023-38205 This critical issue, identified as CVE-2023-38205 with a CVSS score…
Ever wondered how your home Wi-Fi can be hacked if someone showed interest in it? It is easier than you though, with the only challenge being getting your hands onto the proper hardware. We have decided to explain how wardriving,…
Fortinet has identified a vulnerability, CVE-2023-27997, in its FortiGate firewalls that could be leveraged maliciously to gain remote code execution capability. This issue has been found on every SSL VPN appliance, but the details of the security flaw are shrouded…
Security researchers reported that software companies Cisco and VMWare have released security advisories regarding several critical vulnerabilities in their products. CVE-2023-20887: the VMWare Vulnerabilities VMWare has issued updates to address three significant bugs within Aria Operations for Networks that could…
CVE-2023-3079 is a type confusion bug in V8. On Monday, Google released a security patch to take care of a critical vulnerability in the Chrome web browser, which it claimed had already been subjected to an attack. CVE-2023-3079 in Chrome:…
Security researchers recently detected an active and continuous operation with a large scale, administering Magecart infiltration attacks on legitimate e-commerce websites. New Magecart Campaign Detected in the Wild Recent weeks have shown a surge in Magecart-style skimmer campaigns. This new…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding active exploitation of medium-severity Samsung device vulnerability, tracked as CVE-2023-21492 and scoring 4.4 on CVSS. The issue impacts Samsung Devices running Android versions 11, 12, and 13.…
CVE-2023-27217 is a new security vulnerability in Belkin’s second-generation Wemo Mini Smart Plug, which was discovered by Israeli IoT security company Sternum. Belkin’s second-generation Wemo Mini Smart Plug (F7C063) was found to contain a buffer overflow vulnerability, identified as CVE-2023-27217,…
Recent months have seen an uptick in the number of Geacon payloads appearing on VirusTotal, a Golang implementation of Cobalt Strike specifically designed for targeting Apple macOS systems. According to SentinelOne’s security researchers Phil Stokes and Dinesh Devadoss, some of…
Due to VMware’s popularity in the virtualization field and its prominence in many organization’s IT systems, their virtual infrastructure products have become highly attractive targets for attackers. This increase in attacks is due to a lack of security tools, inadequate…
An ongoing phishing campaign known as MEME#4CHAN has been uncovered in the wild, which uses a peculiar attack chain to deliver XWorm malware to targeted systems. Den Iuzvyk, Tim Peck, and Oleg Kolesnikov of Securonix recently revealed that the campaign…
CVE-2023-29324 is a new vulnerability in the Windows MSHTML platform. CVE-2023-29324 Technical Overview: What Is Known So Far First of, let’s explain what the MSHTML platform is. MSHTML, commonly referred to as Trident, is the browser engine used by Microsoft’s…
Microsoft has released its May 2023 Patch Tuesday updates to tackle 38 security issues, including one zero-day bug that is reportedly being exploited in the wild. Microsoft’s May 2023 Patch Tuesday According to Trend Micro’s Zero Day Initiative (ZDI), this…
FortiGuard Labs recently warned in an outbreak alert of a five-year-old flaw being abused by threat actors, affecting TBK digital video recording (DVR) devices. This severe security vulnerability, which has been designated CVE-2018-9995 (CVSS score: 9.8), is a critical authentication…
Cybersecurity researchers recently uncovered several malicious campaigns which used Google ads to disseminate malware like Gozi, RedLine, Vidar, Cobalt Strike, SectoRAT, and Royal Ransomware, masking them as legitimate applications such as 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, and Rufus. One…
Maintainers of the Apache Superset open source data visualization software have issued updates to address a security vulnerability, tracked as CVE-2023-27524, with a CVSS score of 8.9. This vulnerability, which is present in versions 2.0.1 and prior, is caused by…
Cisco recently addressed a highly severe vulnerability in one of its products. Cisco recently released an advisory detailing a critical command injection flaw found in their Industrial Network Director. The vulnerability has been identified as CVE-2023-20036, with a CVSS score…
The vm2 JavaScript library has just released two new patches to mitigate two critical vulnerabilities, CVE-2023-29199 and CVE-2023-30547, both rated 9.8 on the CVSS scoring system. Versions 3.9.16 and 3.9.17, respectively, contain the fixes for the bugs which enable an…
