UpdraftPlus WordPress plugin update forced for million sites
WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has...
News
This Week in Security News – February 18, 2022
SMS PVA services' use of infected Android phones reveals flaws in SMS verification, and 'Russian state-sponsored cyber actors' cited in...
Google Privacy Sandbox promises to protect user privacy online
Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy...
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability
Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne...
CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager
Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment...
Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working...
Threat actors leverage Microsoft Teams to spread malware
Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While...
Firefox and Chrome reaching major versions 100 may break some websites
Mozilla has issued a warning about the upcoming versions 100 for both Chrome and Firefox. The change in the version...
Specially crafted emails could crash Cisco ESA devices
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted...
European Data Protection Supervisor call for bans on surveillance spyware like Pegasus
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware....
New Kraken botnet is allowing operators to earn USD 3,000 every month
Researchers spotted a new Golang-based botnet called Kraken that is under active development and supports a lot of backdoor capabilities. Kraken is...
Nation-state actors hacked Red Cross exploiting a Zoho bug
The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug....
A Guide to the Well-Architected Framework
Discover the six pillars of the Amazon Web Services (AWS) and Azure Well-Architected Framework, examining best practices and design principles...
Russia-linked threat actors breached US cleared defense contractors (CDCs)
Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to...
Trickbot targets customers of 60 High-Profile companies
TrickBot malware is targeting customers of 60 financial and technology companies with new anti-analysis features. The infamous TrickBot malware was...
Roblox Beamers steal items from kids
Roblox gamers are once again being warned to be on their guard against scammers plundering valuable digital items. Most multiplayer...
Experts disclose details of Apache Cassandra DB RCE
Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details...
Ban Pegasus spyware, urges European Union Data Protection Supervisor
The European Data Protection Supervisor (EDPS) has urged the EU to ban the development and deployment of spyware with the...
Journalist won’t be indicted for hacking for viewing a state website’s HTML
A journalist incorrectly branded as a “hacker” by the governor of Missouri won’t be prosecuted “for hacking”. This was a...
CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs
The U.S. CISA added to the Known Exploited Vulnerabilities Catalog another 9 security flaws actively exploited in the wild. US Cybersecurity...
VMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contest
VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that...
Ukraine: Military defense agencies and banks hit by cyberattacks
Ukraine ‘s defense agencies and two state-owned banks were hit by Distributed Denial-of-Service (DDoS) attacks. The Ministry of Defense and...
SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification
Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online...
US-CERT Bulletin (SB22-045):Vulnerability Summary for the Week of February 7, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
