Malware and Vulnerabilities

Apple releases a patch for a security flaw found by researchers at Google and Microsoft

Apple releases a patch for a security flaw found by researchers at Google and Microsoft

Apple releases fix for a bug that could affect iPhone, iPad, and Mac which could lead to arbitrary code execution by visiting malicious web content. Like most bugs, this is a memory-related bug and affects WebKit, the browser behind Safari on iPhones and MacBooks. Apple has introduced security upgrades to macOS Big Sur 11.2.3 and …

Apple releases a patch for a security flaw found by researchers at Google and Microsoft Read More »

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions

The Salt Project has patched a privilege escalation bug impacting SaltStack Salt minions that could be used during a wider exploit chain.  The vulnerability, CVE-2020-28243, is described as a privilege escalation bug impacting SaltStack Salt minions allowing “an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name.”  The …

Salt Project patched a privilege escalation bug impacting SaltStack Salt minions Read More »

IBM has issued security patches to fix high- and medium-severity bugs

IBM has issued security patches to fix high- and medium-severity bugs

IBM has issued security patches to fix high- and medium-severity bugs affecting large business software solutions. The worst bugs could lead to malicious code execution and application crashes. This week, the tech giant published a set of security tips laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM …

IBM has issued security patches to fix high- and medium-severity bugs Read More »

Cyber Criminals Exploit zero-day vulnerability in FTA servers for Data Theft and Extortion

Cyber Criminals Exploit zero-day vulnerability in FTA servers for Data Theft and Extortion

Cybersecurity company FireEye said today cybercriminal gang known as FIN11 performed a zero-day attack on Accellion FTA servers that hit 100 companies worldwide in December 2020 and January 2021. During the attack, hackers used four security bugs to attack FTA servers, including a web shell called DEWMODE, which the attackers used to download files stored …

Cyber Criminals Exploit zero-day vulnerability in FTA servers for Data Theft and Extortion Read More »

Python release quick updates to Fix remote code vulnerabilities

Python release quick updates to Fix remote code vulnerabilities

The Python Software Foundation (PSF) has rapidly launched Python 3.9.2 and 3.8.8 to address two significant security breaches, including one that is exploited remotely but with active terms that can only be used to hack an offline machine. The PSF urges its Python users legion to upgrade to Python 3.8.8 or 3.9.2 systems, mainly to …

Python release quick updates to Fix remote code vulnerabilities Read More »

Bug in a shared SDK may allow attackers to join calls undetected across multiple apps

Bug in a shared SDK may allow attackers to join calls undetected across multiple apps

A small library that provides audio and video call capabilities contain a bug that allows attackers to join audio and video calls without being detected. The bug – detected by security company McAfee and tracked as CVE-2020-25605 – affects the software development kit (SDK) provided by Agora, a US company specializing in delivering real-time communication …

Bug in a shared SDK may allow attackers to join calls undetected across multiple apps Read More »

Google patches Chrome zero-day vulnerability exploited in the wild

Google patches Chrome zero-day vulnerability exploited in the wild

Google has released today Stable version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today’s release contains only one bug fix for a Chrome zero-day vulnerability that was exploited in the wild. “Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,” the Google Chrome 88.0.4324.150 announcement reads. The …

Google patches Chrome zero-day vulnerability exploited in the wild Read More »

Google Chrome blocks eight ports against new NAT Slipstreaming attack

Google Chrome blocks eight ports against new NAT Slipstreaming attack

Following the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080. Google has blocked eight ports within the Chrome web browser to stop a new version of the attack called NAT Slipstreaming, the company’s engineers announced today. …

Google Chrome blocks eight ports against new NAT Slipstreaming attack Read More »

The fourth type of malware discovered in the SolarWind Hack

The fourth type of malware discovered in the SolarWind Hack

Symantec said it identified Raindrop, the fourth type of malware used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop. Cybersecurity company Symantec said it had identified another type of malware used during the attack on the SolarWinds, bringing the number to four, following the likes of Sunspot, Sunburst (Solorigate), and Teardrop. The tool was …

The fourth type of malware discovered in the SolarWind Hack Read More »

Researchers Disclosed a security vulnerability in UNEP that affects 100k staff records

Researchers Disclosed a security vulnerability in UNEP that affects 100k staff records

Today, researchers have revealed a security vulnerability by exploiting which they could access more than 100,000 private worker records of United Nations Environmental Program (UNEP).  The information breach originated from Git directories and credentials, which permitted the researchers to clone Git stores and gather a lot of actually recognizable data of personally identifiable information (PII) …

Researchers Disclosed a security vulnerability in UNEP that affects 100k staff records Read More »