Tag: Vulnerability - Page 2

23 Feb

Experts Warn of Increasing Cyberattacks Targeting Zoho ManageEngine Products

On February 23, 2023, multiple threat actors have been observed exploiting a critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. Martin Zugec of Bitdefender's cybersecurity firm revealed in a technical advisory that the vulnerability "allows unauthenticated remote code execution due...

23 Feb

China-Linked Cyber Espionage Group Targeting South American Nations

Comments

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team.

The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday.

DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...

19 Feb

CISA Releases Decryptor Tool to Combat New ESXiArgs Ransomware Variant

in Cyber Security, Cybersecurity

Comments

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data.The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB...

18 Feb

The Rising Risks of Cryptocurrency Use: Exploring Enigma, Vector, and TgToxic

in Cyber Security, Cybersecurity

Comments

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar...

17 Feb

VMware ESXi Server Ransomware Attack Evolves, Recovery Script Released

in Cyber Security, Cybersecurity, Ransomware, Security, Servers

Comments

The FBI and CISA have released a recovery script for the global ESXiArgs ransomware campaign targeting VMware ESXi servers, but the ransomware has since been updated to elude former attempts at remediation....

29 Nov

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

in Cyber Security, Cybersecurity

Comments

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorised attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit...

17 Nov

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

in Cyber Security, Cybersecurity

Comments

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked...

Vulnerability Tag

Experts Warn of Increasing Cyberattacks Targeting Zoho ManageEngine Products

China-Linked Cyber Espionage Group Targeting South American Nations

CISA Releases Decryptor Tool to Combat New ESXiArgs Ransomware Variant

VMware ESXi Server Ransomware Attack Evolves, Recovery Script Released

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

Cloud Backup Feature for TOTP Codes Now Available on Google Authenticator App

Accounts left vulnerable to permanent compromise due to Google OAuth bug

How Fancy Bear Infected Routers Using an Old SNMP Bug

AI-generated YouTube videos used to distribute difficult-to-detect malware loader

Navigation

Connect with us on social