qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aime.....»»
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with.....»»
Malware delivery to Microsoft Teams users made easy
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and.....»»
Flaw in Revolut payment systems exploited to steal $20 million
Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation. Revolut’s cybersecurit.....»»
MOVEit app mass-exploited last month patches new critical vulnerability
Just in time for the weekend: another unauthenticated SQL injection flaw! Enlarge (credit: Lino Mirgeler/picture alliance via Getty Images) MOVEit, the file-transfer software exploited in recent weeks in one of the bigg.....»»
Actively exploited vulnerability threatens hundreds of solar power stations
Organizations using unpatched SolarView products face potentially serious consequences. Enlarge (credit: Getty Images) Hundreds of Internet-exposed devices inside solar farms remain unpatched against a critical and activ.....»»
These Samsung phone flaws have been exploited by spyware
Top US security agency adds more Samsung mobile vulnerabilities to its catalog, with some already exploited......»»
40 CS:GO traders have been banned by Valve in latest crackdown
Valve has banned around 40 CS:GO traders in an effort to crack down on an emergent cryptocurrency scheme......»»
PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel.....»»
Fear of being exploited is stagnating our progress in science, say researchers
Science is a collaborative effort. What we know today would have never been, had it not been generations of scientists reusing and building on the work of their predecessors......»»
Prominent cryptocurrency exchange infected with previously unseen Mac malware
It's not yet clear how the full-featured JokerSpy backdoor gets installed. Enlarge (credit: Getty Images) Researchers have discovered previously unknown Mac malware infecting a cryptocurrency exchange. It contains a full.....»»
Apple patches two actively exploited security flaws with iOS 16.5.1 and more
Coming with the release iOS 16.5.1, macOS 13.4.1, and more today, Apple has shipped two important fixes for security flaws. The updates arrive for devices on the latest public software and those on older versions of its software. Notably, Apple has.....»»
Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435)
Apple has released patches for three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) exploited in the wild. The first two have been reported by Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko and Boris Larin follo.....»»
Apple patched actively exploited iMessage bug in latest updates
Don't hold off too long on updating to iOS 16.5.1 and the other new public releases, as Apple has patched multiple security issues that were actively exploited.iMessage vulnerability patchedApple released iOS 16.5.1, iPadOS 16.5.1, macOS Ventura 13.4.....»»
VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitati.....»»
Compromised Linux SSH servers engage in DDoS attacks, cryptomining
Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS.....»»
TerraUSD: South Korea "cryptocrash king" Do Kwon jailed
The collapse of the terraUSD stablecoin and the associated Luna token rocked cryptocurrency markets......»»
Binance exits Netherlands and faces France probe
The world's largest cryptocurrency exchange faces setbacks in Europe......»»
Apple threatens to remove Jack Dorsey-backed Damus app over in-app transactions
Apple has already made it known that it's not a fan of in-app cryptocurrency transfers, and now it's banging that drum again for a decentralized social messaging app backed by Twitter co-founder Jack Dorsey.Apple App StoreThe app is called Damus, and.....»»
June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confu.....»»