qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Google fixes actively exploited Chrome zero-day (CVE-2024-0519)
In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAsse.....»»
3 ways to combat rising OAuth SaaS attacks
OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch sp.....»»
Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware Phemedrone Stealer is a piece of ma.....»»
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeo.....»»
Actor paid to pose as crypto CEO “deeply sorry” about $1.3 billion scam
Fake CEO denied profiting off the alleged cryptocurrency scam. Enlarge / A screenshot from Jack Gamble's video outing Stephen Harrison as HyperVerse's fake CEO, posted on Gamble's "Nobody Special Finance" YouTube channel. (credit.....»»
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the ri.....»»
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Organizations using Ivanti Connect Secure should take action at once. Enlarge (credit: Getty Images) Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor.....»»
Apple removes nine cryptocurrency apps from India App Store
Apple has removed a number of cryptocurrency apps from the regional App Store servicing India, weeks after a financial regulator declared they were operating illegally.Representations of cryptocurrenciesOn December 28, India's Financial Intelligence.....»»
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. &.....»»
Hackers can infect network-connected wrenches to install ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication. Enlarge / The Rexroth Nutrunner, a line of torque wrench sold by Bosch Rexroth. (credit: Bosch Rexroth) Researchers have uneart.....»»
Network-connected wrenches in factories can be hacked for sabotage or ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication. Enlarge / The Rexroth Nutrunner, a line of torque wrench sold by Bosch Rexroth. (credit: Bosch Rexroth) Researchers have uneart.....»»
Elon Musk drops price of X gold checks amid rampant crypto scams
Reports come the same week X reduced the cost of buying gold checkmarks. Enlarge (credit: ALAIN JOCARD / Contributor | AFP) There's currently a surge in cryptocurrency and phishing scams proliferating on X (formerly Twit.....»»
Millions still haven’t patched Terrapin SSH protocol vulnerability
Terrapin isn't likely to be mass-exploited, but there's little reason not to patch. Enlarge (credit: Getty Images) Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability tha.....»»
Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked
Scammer impersonates legitimate cryptocurrency wallet, then pivots to trolling Mandiant. Enlarge Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Tw.....»»
Cybercriminals set their sights on crypto markets
The cryptocurrency market has grown significantly, attracting both enthusiasts and investors. However, the rise of cryptocurrencies has also brought forth an unprecedented need for cybersecurity measures. Cybersecurity in the context of cryptocurrenc.....»»
Barracuda fixes new ESG zero-day exploited by Chinese hackers
Reported Chinese cybercriminals uncover zero-days in Barracuda ESGs, and utilize flaws in cyberattacks......»»
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency.....»»
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In.....»»
US regulators will now have access to years of Binance transaction data
Binance and its customers will get "24/7, 365-days-a-year financial colonoscopy." Enlarge (credit: Wired/Getty) One attraction of Binance, as the company grew from its 2017 founding into the biggest cryptocurrency exchan.....»»
Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1.....»»