Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open sourc.....»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
Veza and HashiCorp join forces to help prevent credential exposure
Veza announced a partnership with HashiCorp to deliver an integrated solution for solving modern identity security challenges. Together, the Veza Access Platform and HashiCorp Vault empower joint customers to strengthen their identity security postur.....»»
US charges Russian military officers for unleashing wiper malware on Ukraine
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide. Enlarge (credit: Getty Images) Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy t.....»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
Ukrainian drones now spray 2,500° C thermite streams right into Russian trenches
Mechanical dragons now deliver fire on command. Enlarge Wars of necessity spawn weapons innovation as each side tries to counter the other's tactics and punch through defenses. For instance—as the Russian invasion of.....»»
McAfee+ vs. Avast One: Which lost-cost antivirus app is best?
I went hands-on with McAfee and Avast antivirus software to find out which offers the best malware protection, value, and ease of use......»»
Konami’s next game is a chaotic ode to Grand Theft Auto 2
Deliver at All Costs pays tribute to classic Grand Theft Auto games with a healthy serving of slapstick vehicular comedy......»»
Voldemort espionage malware hits organizations across the globe
More than 70 companies were struck by malware that doesn't have a C2......»»
Physics researchers identify new multiple Majorana zero modes in superconducting SnTe
A collaborative research team has identified the world's first multiple Majorana zero modes (MZMs) in a single vortex of the superconducting topological crystalline insulator SnTe and exploited crystal symmetry to control the coupling between the MZM.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
Expel partners with Wiz to enhance security for cloud environments
Expel announced a new strategic partnership with Wiz, a cloud-native application protection platform (CNAPP). The partnership provides an integration offering MDR for Wiz toxic risk combinations (including vulnerabilities, secrets, malware, and threa.....»»
AI modeling can deliver more benefits, less risk for water partnerships
A Cornell-led research collaboration found that cooperative partnerships seeking to spread the cost burden of water infrastructure projects among regional stakeholders often end up forcing local partners to bear the brunt of underlying supply and fin.....»»
Apple’s Glowtime event creates big expectations – how will it deliver?
The iPhone 16 line-up will be unveiled on Monday, and Apple’s Glowtime event name and graphics seem to be pretty clear pointers to a focus on Apple Intelligence. Anyone who is running the current iOS 18.1 beta will have instantly recognised the eve.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
New Lexus brand "taste" will come from sweeping rework of body rigidity
Lexus says it has found the missing piece in its quest to match the long-lauded driving dynamics of Germany's big premium players — better body rigidity. To deliver a better signature, Toyota's top-shelf marque is reworking ride and handling across.....»»
Daily 5 report for Aug. 26: Can Ford deliver the goods with new products?
Ford's future product pipeline will emphasize its subbrands including Mustang, Maverick and Bronco......»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
Android malware steals payment card data using previously unseen technique
Attacker then emulates the card and makes withdrawals or payments from victim's account. Enlarge (credit: d3sign) Newly discovered Android malware steals payment card data using an infected device’s NFC reader and rela.....»»
A new malware threat to macOS adds to the data-stealing surge
Mac users face another macOS threat that aims to steal your data and targets x86_64 and Arm architectures......»»