qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, acc.....»»
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesda.....»»
Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connec.....»»
macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
We learned with the public launch of iOS 17.4 that Apple included fixes for two exploited vulnerabilities and two other security issues. Now with the arrival of macOS 14.4, there are over 50 security patches and the list of security fixes for iOS 17......»»
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML a.....»»
Spain tells Sam Altman, Worldcoin to shut down its eyeball-scanning orbs
Cryptocurrency launched by OpenAI's Altman is drawing scrutiny from regulators. Enlarge / Worldcoin's "Orb," a device that scans your eyeballs to verify that you're a real human. Spain has moved to block Sam Altman’s.....»»
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iO.....»»
Decoding cryptocurrency regulation in the legibility framework
Since its introduction, cryptocurrency governance has been one of the most controversial global financial topics. While some countries have established elaborate regulations for cryptocurrencies, many countries are still reluctant to oversee the mark.....»»
iOS 17.4 includes 4 important security fixes, 2 were exploited
Regain clarity with CleanMyPhone by MacPaw — the new AI-powered cleaning app that quickly identifies and removes blurred images, screenshots, and other clutter from your device. Download it now with a free trial. iOS 17.4 is here for all use.....»»
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it
Technically, Microsoft doesn't consider such bugs as vulnerabilities. It patched it anyway. Enlarge (credit: Getty Images) Hackers backed by the North Korean government gained a major win when Microsoft left a Windows ze.....»»
Phishers target FCC, crypto holders via fake Okta SSO pages
A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign B.....»»
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect.....»»
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities hav.....»»
Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Integrating cybersecurity into vehicle design and manufacturing In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses t.....»»
‘GoldDigger’ trojan targets iOS users to steal facial recognition data and bank accounts
Apple constantly updates its operating systems with security patches, which are often exploited by hackers to attack users in many different ways. This time, however, cybersecurity company Group-IB has reported the existence of a new “GoldDigger”.....»»
Cryptocurrency maker sues former Ars reporter for writing about fraud lawsuit
Bitcoin Latinum angry about quotes from fraud lawsuit and Star Trek reference. Enlarge / Image from Bitcoin Latinum's website (credit: Bitcoin Latinum) The cryptocurrency firm Bitcoin Latinum has sued journalists at Forb.....»»
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE.....»»
Exploring the effect of ring closing on fluorescence of supramolecular polymers
In supramolecular chemistry, the self-assembly state of molecules plays a significant role in determining their tangible properties. Controlling the self-assembled state has garnered significant attention as it can be exploited to design materials wi.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding.....»»