Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open sourc.....»»
Windscribe review: build your own plan with this unique VPN
I tested Windscribe, a VPN with a free service, low-cost plans, and a malware blocker. I explored its strengths, weaknesses, and overall value......»»
Windows users targeted with fake human verification pages delivering malware
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human ve.....»»
NASA completes spacecraft to transport, support Roman Space Telescope
The spacecraft bus that will deliver NASA's Nancy Grace Roman Space Telescope to its orbit and enable it to function once there is now complete after years of construction, installation, and testing......»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
What is mini-LED TV? How smaller, brighter LEDs can deliver better picture quality
Mini-LED lighting is one of the reasons that TV you purchased is able to deliver such a detailed picture. Here’s everything you need to know about the tech!.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Infection corrals devices running AOSP-based firmware into a botnet. Enlarge (credit: Getty Images) Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streami.....»»
Millions of Android streaming boxes hit by damaging malware
Vo1d backdoor is compromising older streaming boxes powered by Android......»»
New CUKTECH power banks deliver incredible charging speed with a touch of style
New CUKTECH power banks deliver incredible charging speed with a touch of style.....»»
Kaspersky security tools hijacked to disable online protection systems
RansomHub is using a legitimate tool to disable EDRs and deploy stage-two malware, including infostealers......»»
Chinese hackers are switching to new malware for government attacks
New attacks from the Chinese based Mustang Panda group reveal a change in tactics.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Ketch helps media brands enable privacy-safe data activation
Ketch launched its product suite for digital media brands. The digital media industry faces increasing challenges. Intense FTC scrutiny on targeted advertising, growing pressure to deliver precise, permissioned targeting, and the existential threat o.....»»
Tufin improves security automation on Azure, GCP, and VMware clouds
Tufin Orchestration Suite (TOS) R24-2 ensures organizations’ network operations are efficient, secure, and always audit-ready by automating complex tasks, enhancing security visibility, and driving compliance. The key benefits TOS R24-2 deliver.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
Veza and HashiCorp join forces to help prevent credential exposure
Veza announced a partnership with HashiCorp to deliver an integrated solution for solving modern identity security challenges. Together, the Veza Access Platform and HashiCorp Vault empower joint customers to strengthen their identity security postur.....»»
US charges Russian military officers for unleashing wiper malware on Ukraine
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide. Enlarge (credit: Getty Images) Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy t.....»»