Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that h.....»»
Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)
Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library.....»»
iOS 17.0.1 patches 3 actively exploited security flaws
Three days after launching iOS 17, Apple has issued iOS 17.0.1 with three important security patches. Notably, Apple says it’s aware all of the fixed vulnerabilities were reported as being actively exploited. more….....»»
Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited “against versions of iOS before iOS 16.7.” Bill Marczak of The Citi.....»»
Apple rolls out iOS 17.0.1, iPadOS 17.0.1, watchOS 10.0.1 updates
Apple has taken the unusual step of releasing an update just days after a major release, with watchOS 10.0.1, iOS 17.0.1, and iPadOS 17.0.1 now available with the set again patching a trio of exploited security flaws.watchOS 10Generally, sub-point up.....»»
Update your Apple devices now to fix these dangerous exploits
Three actively exploited vulnerabilities have just been discovered in a huge number of Apple devices. Update yours now to ensure it stays safe from hackers......»»
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been rev.....»»
Week in review: 17 free AWS cybersecurity courses, exploited Chrome zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The blueprint for a highly effective EASM solution In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that o.....»»
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities o.....»»
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that h.....»»
Why S-linked glycosylation cannot adequately mimic the role of natural O-glycosylation
Protein glycosylation is one of the most important post-translational modifications that can be exploited to improve various aspects of therapeutic proteins and industrial enzymes. Different types of glycosylation have a variety of effects on protein.....»»
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any inte.....»»
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found.....»»
Apple patches “clickless” 0-day image processing vulnerability in iOS, macOS
"BLASTPASS" bug can install malware without user interaction. Enlarge (credit: Apple) Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that c.....»»
Apple fixes exploited security flaws with iPadOS & iOS 16.6.1, watchOS 9.6.2, macOS Ventura 13.5.2 updates
Less than a week until Apple's iPhone 15 event, Apple has released what is likely close to its last updates to iOS 16.6, macOS Ventura 13.5, and watchOS 9.6 to patch some actively exploited security problems.iOS 16.6.1 is now availableThe updates pat.....»»
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
"I almost lost my will to live": Preference for sons is leaving young women in China exploited and abused
China has a gender crisis. The country has a huge surplus of men—around 722 million compared to 690 million women in 2022. This is largely because of sex-selective abortions linked to China's one-child policy, which ended in 2015......»»
Easy-to-exploit Skype vulnerability reveals users’ IP address
A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vuln.....»»
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vul.....»»
Open redirect flaws increasingly exploited by phishers
Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider refreshing employees’ awareness and knowledge on how to spot them. Maliciou.....»»
Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable.....»»