qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability ste.....»»
FTX to pay $12.7B to victims of Sam Bankman-Fried’s massive scheme
US commodities trading agency claimed its largest recovery ever for FTX victims. Enlarge (credit: NurPhoto / Contributor | NurPhoto) FTX, the bankrupt cryptocurrency exchange formerly helmed by fraudster Sam Bankman-Frie.....»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
An 18-year-old Safari loophole exploited by hackers is finally being fixed by Apple
There’s a pesky loophole lurking in every major browser, including Apple’s Safari, Google Chrome, and Mozilla Firefox, that hackers have been exploiting for the past … The post An 18-year-old Safari loophole exploited by hackers is.....»»
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Rou.....»»
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is.....»»
Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Why a strong patch management strategy is essential for reducing business risk In this Help Net Security interview, Eran Livne, Senior Director of P.....»»
Mac malware posing as apps like Loom, LedgerLive, and Black Desert Online
A “sophisticated and alarming” Mac malware attack is being carried out in the guise of free versions of popular apps like the screen recording utility Loom, cryptocurrency manager LedgerLive, and MMO game Black Desert Online. It appears to be.....»»
Multi-state Apple fraud ring exposed by DHS after routine traffic stop
The Department of Homeland Security busted a sophisticated counterfeiting operation where fraudsters exploited retail return policies to swap genuine Apple products with counterfeit devices nationwide.The Department of Homeland SecurityChalvin Tan wa.....»»
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner.....»»
Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology comp.....»»
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. A.....»»
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one.....»»
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Tre.....»»
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have sto.....»»
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it
The goal of the exploits was to open Explorer and trick targets into running malicious code. Enlarge (credit: Getty Images) Threat actors carried out zero-day attacks that targeted Windows users with malware for more tha.....»»
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Poi.....»»
Cryptocurrency investors are more likely to self-report "Dark Tetrad" personality traits, study shows
Owning cryptocurrency may be associated with certain personality and demographic characteristics as well as a reliance on alternative or fringe social media sources, according to a study published July 3, 2024 in the open-access journal PLOS ONE by S.....»»
“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Full system compromise possible by peppering servers with thousands of connection requests. Enlarge Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to g.....»»