qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Life imitates xkcd comic as Florida gang beats crypto password from retiree
Group staged home invasions to steal cryptocurrency. Enlarge / Sometimes this is all you need. (credit: Aurich Lawson | Getty Image) Remy Ra St. Felix spent April 11, 2023, on a quiet street in a rented BMW X5, staking o.....»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
Losses due to cryptocurrency and BEC scams are soaring
Every type of fraud is on the rise, and 2023 was a particularly devastating year for victims of cryptocurrency and business email compromise (BEC) scams, according to the FBI. Cryptocurrency fraud Based on complaints filed to FBI’s Internet Cri.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Found: 280 Android apps that use OCR to steal cryptocurrency credentials
Optical Character Recognition converts passwords shown in images to machine-readable text. Enlarge (credit: Getty Images) Researchers have discovered more than 280 malicious apps for Android that use optical character re.....»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
North Korean hackers’ social engineering tricks
“North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggest.....»»
Physics researchers identify new multiple Majorana zero modes in superconducting SnTe
A collaborative research team has identified the world's first multiple Majorana zero modes (MZMs) in a single vortex of the superconducting topological crystalline insulator SnTe and exploited crystal symmetry to control the coupling between the MZM.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
A YouTube video really can remove water from your iPhone
A YouTube video claiming it can remove water from your iPhone might seem up there with emails from Nigerian princes and videos of Elon Musk promoting some new cryptocurrency, but tests reveal that it does actually work … somewhat. A tech writer.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
According to the UN, Canadians with intellectual disabilities are being exploited
Canada was recently criticized by Tomoya Obokata, the United Nations Special Rapporteur on Contemporary Forms of Slavery, in relation to the shortcomings of the temporary foreign worker program......»»
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-202.....»»