Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open sourc.....»»
11 million devices infected with botnet malware hosted in Google Play
Necro infiltrated Google Play in 2019. It recently returned. Enlarge (credit: Getty Images) Five years ago, researchers made a grim discovery—a legitimate Android app in the Google Play market that was surreptitiously.....»»
Europa Clipper overcomes transistor issue and is ready for launch next month
This May, engineers working on NASA's Europa Clipper had to deliver the kind of news that no one wants to announce: there was a problem with the spacecraft......»»
Apache HugeGraph-Server flaw actively exploited, CISA warns
The vulnerability has been patched months ago, but now federal agencies have a deadline to patch......»»
Windscribe review: build your own plan with this unique VPN
I tested Windscribe, a VPN with a free service, low-cost plans, and a malware blocker. I explored its strengths, weaknesses, and overall value......»»
Windows users targeted with fake human verification pages delivering malware
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human ve.....»»
NASA completes spacecraft to transport, support Roman Space Telescope
The spacecraft bus that will deliver NASA's Nancy Grace Roman Space Telescope to its orbit and enable it to function once there is now complete after years of construction, installation, and testing......»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
What is mini-LED TV? How smaller, brighter LEDs can deliver better picture quality
Mini-LED lighting is one of the reasons that TV you purchased is able to deliver such a detailed picture. Here’s everything you need to know about the tech!.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Infection corrals devices running AOSP-based firmware into a botnet. Enlarge (credit: Getty Images) Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streami.....»»
Millions of Android streaming boxes hit by damaging malware
Vo1d backdoor is compromising older streaming boxes powered by Android......»»
New CUKTECH power banks deliver incredible charging speed with a touch of style
New CUKTECH power banks deliver incredible charging speed with a touch of style.....»»
Kaspersky security tools hijacked to disable online protection systems
RansomHub is using a legitimate tool to disable EDRs and deploy stage-two malware, including infostealers......»»
Chinese hackers are switching to new malware for government attacks
New attacks from the Chinese based Mustang Panda group reveal a change in tactics.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Ketch helps media brands enable privacy-safe data activation
Ketch launched its product suite for digital media brands. The digital media industry faces increasing challenges. Intense FTC scrutiny on targeted advertising, growing pressure to deliver precise, permissioned targeting, and the existential threat o.....»»
Tufin improves security automation on Azure, GCP, and VMware clouds
Tufin Orchestration Suite (TOS) R24-2 ensures organizations’ network operations are efficient, secure, and always audit-ready by automating complex tasks, enhancing security visibility, and driving compliance. The key benefits TOS R24-2 deliver.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»