Security News

Filter by:

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.
Threatpost 27 Jan 2022 347 Views

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
Threatpost 27 Jan 2022 515 Views

Attackers now actively targeting critical SonicWall RCE bug

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.
ZDnet 26 Jan 2022 927 Views

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...
ZDnet 26 Jan 2022 1144 Views

Trellix finds OneDrive malware targeting government officials in Western Asia

Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix. 
ZDnet 26 Jan 2022 13558 Views

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
Threatpost 25 Jan 2022 371 Views

Log4j: Mirai botnet found targeting ZyXEL networking devices

A report explained that the Log4j vulnerability is being used to "infect and assist in the proliferation of malware used by the Mirai botnet."
ZDnet 25 Jan 2022 419 Views

FBI warns of malicious QR codes used to steal your money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.
BleepingComputer 24 Jan 2022 1149 Views

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Misconfiguration provides the perfect opportunity for token-based theft.
ZDnet 24 Jan 2022 273 Views

Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Threatpost 20 Jan 2022 334 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY