qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Critical Zyxel NAS vulnerabilities patched, update quickly!
Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the.....»»
Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intellig.....»»
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-.....»»
iOS 17.1.2 and macOS Sonoma 14.1.2 patch 2 actively exploited vulnerabilities
Apple released an important security update today for iPhone, iPad, and Mac. The list of fixes is short, but iOS 17.1.2 and macOS Sonoma 14.1.2 patch two web-based security flaws that have been actively exploited. more….....»»
iOS 17.1.2 & Sonoma 14.1.2 updates stop browsers from leaking personal data
Apple has updated iOS, iPadOS, and macOS Sonoma with new updates that fix two actively exploited WebKit bugs that could leak personal data to attackers.Apple patches flaws in WebKit in latest OS updatesThe company released the newest versions of its.....»»
The best cryptocurrency apps for iPhone and Android in 2023
There's no better place to get started with Bitcoin and cryptocurrency than your smartphone. Here are the best cryptocurrency apps for both iPhone and Android......»»
PSA: Update Chrome on Mac, as security flaw is being actively exploited
If you use Chrome on Mac, it’s strongly recommended to update it immediately, as a security flaw discovered by Google is being actively exploited by attackers. It could potentially allow personal data to be extracted from your Mac (the same issue a.....»»
Every Bitcoin payment "uses a swimming pool of water"
As billions face water shortages, a new study warns of the cryptocurrency's thirst for water......»»
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild. About CVE-2023-6345 CVE-2023-6345, reported by Benoî.....»»
Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PolarDNS: Open-source DNS server tailored for security evaluations PolarDNS is a specialized authoritative DNS server that allows the operator to pr.....»»
How LockBit used Citrix Bleed to breach Boeing and other targets
CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,&.....»»
Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems. CVE-2023-46604 exploitation Apache ActiveMQ is a popular Java-based open sourc.....»»
Crypto zealots lead frivolous lawsuit against "Apple led cartel"
A group of Venmo and Square cash users has banded together to complain about instant transfer fees and industry distrust in cryptocurrency in what appears to be a frivolous lawsuit filed against Apple.Apple Cash is under fire in latest lawsuitThe law.....»»
Apple faces lawsuit over high transfer fees between mobile wallets
Apple is the target of a new class action lawsuit filed by Venmo and Cash App customers over high transfer fees between mobile wallets. There’s also a cryptocurrency angle, because why not? more….....»»
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023. About CVE-2023-1671 CVE-2023-1671 is.....»»
Intel fixes high-severity CPU bug that causes “very strange behavior”
Among other things, bug allows code running inside a VM to crash hypervisors. Enlarge Intel on Tuesday pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against c.....»»
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-da.....»»
Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “.....»»
Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that h.....»»
Okta breach post mortem reveals weaknesses exploited by attackers
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified t.....»»