Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targ.....»»
Apache HugeGraph-Server flaw actively exploited, CISA warns
The vulnerability has been patched months ago, but now federal agencies have a deadline to patch......»»
Windscribe review: build your own plan with this unique VPN
I tested Windscribe, a VPN with a free service, low-cost plans, and a malware blocker. I explored its strengths, weaknesses, and overall value......»»
Windows users targeted with fake human verification pages delivering malware
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human ve.....»»
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access t.....»»
NASA completes spacecraft to transport, support Roman Space Telescope
The spacecraft bus that will deliver NASA's Nancy Grace Roman Space Telescope to its orbit and enable it to function once there is now complete after years of construction, installation, and testing......»»
Driver assists become de facto autopilots as drivers multitask, study finds
As drivers become familiar with the systems, they exploit them. Enlarge / Lane keeping systems let you take your hands off the wheel while you drive. (credit: Getty Images) The seductive lure of cars that drive themselv.....»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
What is mini-LED TV? How smaller, brighter LEDs can deliver better picture quality
Mini-LED lighting is one of the reasons that TV you purchased is able to deliver such a detailed picture. Here’s everything you need to know about the tech!.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Infection corrals devices running AOSP-based firmware into a botnet. Enlarge (credit: Getty Images) Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streami.....»»
Millions of Android streaming boxes hit by damaging malware
Vo1d backdoor is compromising older streaming boxes powered by Android......»»
GAZEploit could work out Vision Pro user passwords from watching their avatars [Fixed]
Security researchers came up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls. They’ve put together a YouT.....»»
GAZEploit can work out Vision Pro user passwords from watching their avatars
Security researchers have come up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls. They’ve put together a.....»»
New CUKTECH power banks deliver incredible charging speed with a touch of style
New CUKTECH power banks deliver incredible charging speed with a touch of style.....»»
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory p.....»»
Kaspersky security tools hijacked to disable online protection systems
RansomHub is using a legitimate tool to disable EDRs and deploy stage-two malware, including infostealers......»»
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Tenable released AI Aware, advanced detection capabilities designed to surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management. Tenable AI Aware provides exposure insight into AI applica.....»»
Chinese hackers are switching to new malware for government attacks
New attacks from the Chinese based Mustang Panda group reveal a change in tactics.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Ketch helps media brands enable privacy-safe data activation
Ketch launched its product suite for digital media brands. The digital media industry faces increasing challenges. Intense FTC scrutiny on targeted advertising, growing pressure to deliver precise, permissioned targeting, and the existential threat o.....»»