Security News

Filter by:

Researchers to release PoC exploit for critical Zoho RCE bug, patch now

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. [...]
Bleepingcomputer 17 Jan 2023 1190 Views

Avast releases free BianLian ransomware decryptor

Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers. [...]
Bleepingcomputer 16 Jan 2023 453 Views

CircleCI's hack caused by malware stealing engineer's 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems. [...]
Bleepingcomputer 15 Jan 2023 458 Views

Canada's largest alcohol retailer's site hacked to steal credit cards

The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country's largest beverage alcohol retailer, revealed that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out. [....
Bleepingcomputer 14 Jan 2023 550 Views

Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.
Dark Reading 13 Jan 2023 638 Views

Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day

Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. [...]
Bleepingcomputer 13 Jan 2023 515 Views

Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Microsoft says Cuba ransomware threat actors are hacking their way into victims' networks via Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks. [...]
Bleepingcomputer 13 Jan 2023 559 Views

SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities

SAP this week announced the release of 12 new and updated security notes as part of the January 2023 Security Patch Day, including seven ‘hot news’ notes that address critical-severity vulnerabilities.
The Hacker News 12 Jan 2023 538 Views

Scattered Spider hackers use old Intel driver to bypass security

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
The Hacker News 12 Jan 2023 733 Views

Over 1,300 fake AnyDesk sites push Vidar info-stealing malware

A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [...]
Bleepingcomputer 11 Jan 2023 640 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY