qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeo.....»»
Actor paid to pose as crypto CEO “deeply sorry” about $1.3 billion scam
Fake CEO denied profiting off the alleged cryptocurrency scam. Enlarge / A screenshot from Jack Gamble's video outing Stephen Harrison as HyperVerse's fake CEO, posted on Gamble's "Nobody Special Finance" YouTube channel. (credit.....»»
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the ri.....»»
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Organizations using Ivanti Connect Secure should take action at once. Enlarge (credit: Getty Images) Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor.....»»
Apple removes nine cryptocurrency apps from India App Store
Apple has removed a number of cryptocurrency apps from the regional App Store servicing India, weeks after a financial regulator declared they were operating illegally.Representations of cryptocurrenciesOn December 28, India's Financial Intelligence.....»»
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. &.....»»
Hackers can infect network-connected wrenches to install ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication. Enlarge / The Rexroth Nutrunner, a line of torque wrench sold by Bosch Rexroth. (credit: Bosch Rexroth) Researchers have uneart.....»»
Network-connected wrenches in factories can be hacked for sabotage or ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication. Enlarge / The Rexroth Nutrunner, a line of torque wrench sold by Bosch Rexroth. (credit: Bosch Rexroth) Researchers have uneart.....»»
Elon Musk drops price of X gold checks amid rampant crypto scams
Reports come the same week X reduced the cost of buying gold checkmarks. Enlarge (credit: ALAIN JOCARD / Contributor | AFP) There's currently a surge in cryptocurrency and phishing scams proliferating on X (formerly Twit.....»»
Millions still haven’t patched Terrapin SSH protocol vulnerability
Terrapin isn't likely to be mass-exploited, but there's little reason not to patch. Enlarge (credit: Getty Images) Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability tha.....»»
Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked
Scammer impersonates legitimate cryptocurrency wallet, then pivots to trolling Mandiant. Enlarge Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Tw.....»»
Cybercriminals set their sights on crypto markets
The cryptocurrency market has grown significantly, attracting both enthusiasts and investors. However, the rise of cryptocurrencies has also brought forth an unprecedented need for cybersecurity measures. Cybersecurity in the context of cryptocurrenc.....»»
Barracuda fixes new ESG zero-day exploited by Chinese hackers
Reported Chinese cybercriminals uncover zero-days in Barracuda ESGs, and utilize flaws in cyberattacks......»»
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency.....»»
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In.....»»
US regulators will now have access to years of Binance transaction data
Binance and its customers will get "24/7, 365-days-a-year financial colonoscopy." Enlarge (credit: Wired/Getty) One attraction of Binance, as the company grew from its 2017 founding into the biggest cryptocurrency exchan.....»»
Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1.....»»
Critical Zyxel NAS vulnerabilities patched, update quickly!
Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the.....»»
Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intellig.....»»
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-.....»»