QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS
Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP...
News
Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS...
Lemon_Duck cryptomining botnet targets Docker servers
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet...
Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack
A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files....
Pegasus spyware found on UK government office phone
“When we found the No. 10 case, my jaw dropped.” John Scott-Railton recalled after finding out on July 7, 2020...
Lenovo issues fixes for laptop backdoors
Researchers have discovered three vulnerabilities affecting various Lenovo consumer laptop models. The vulnerabilities were found in UEFI firmware drivers originally...
Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors
Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals...
Beware of fake Twitter philanthropists offering to put $750 into your Cash App account
Twitter philanthropists are a controversial emergence on the social media platform. In essence, Twitter-based philanthropy is about incredibly rich people...
Static SSH host key in Cisco Umbrella allows stealing admin credentials
Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco...
It’s legal to scrape public data—US appeals court
Web scraping—the automated extraction of data from websites—has been around for a long time. Simultaneously cursed and praised, with nobody...
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective...
US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks
Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity...
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by...
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by...
Russian Gamaredon APT continues to target Ukraine
Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and...
The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich
Today we look at a fakeout which begins with Elon Musk, and ends with a trip to Mars (or, if...
Oracle releases massive Critical Patch Update containing 520 security patches
Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of...
Anonymous hacked other Russian organizations, some of the breaches could be severe
The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked...
US warns of APT groups that can “gain full system access” to some industrial control systems
An “exceptionally rare and dangerous” advanced persistent threat (APT) malware kit, containing custom-made tools designed to target some of North America’s...
Beware tragic “my daughter died…” Facebook posts offering free PS5s
Tragic tales are being posted to Facebook, combined with the offer of a giveaway. However, some are perhaps not quite...
CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity...
New BotenaGo variant specifically targets Lilin security camera DVR devices
Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate....
QNAP users are recommended to disable UPnP port forwarding on routers
QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices....
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and...
