qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix
qBittorrent Web UI Exploited to Mine Cryptocurrency: Here’s How to Fix.....»»
7 fake cryptocurrency investment apps discovered in Google Play, Apple App Store
Sophos released new findings on CryptoRom scams—a subset of pig butchering schemes designed to trick users of dating apps into making fake cryptocurrency investments. Since May, Sophos X-Ops has observed CryptoRom fraudsters refining their techniqu.....»»
Worldcoin suspended in Kenya as thousands queue for free money
The authorities say they have data privacy concerns over Sam Altman's new cryptocurrency project......»»
Android n-day bugs pose zero-day threat
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the v.....»»
Stremio vulnerability exposes millions to attack
CyFox researchers have discovered a DLL planting/hijacking vulnerability in popular media center application Stremio, which could be exploited by attackers to execute code on the victim’s system, steal information, and more. About the vulnerabi.....»»
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (.....»»
Even the upcoming macOS Sonoma update isn"t safe from this malware
A recently discovered Mac malware, known as "Realst," is currently employed in a large-scale campaign to steal cryptocurrency wallets — and even targets the still-developing macOS Sonoma.New Mac malware targets cryptocurrency walletsSecurity resear.....»»
Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)
A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What.....»»
Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in.....»»
OpenAI"s Sam Altman launches Worldcoin crypto project
Worldcoin, a cryptocurrency project founded by OpenAI CEO Sam Altman, launched on Monday......»»
Apple fixes 16 security flaws with iOS 16.6, two actively exploited
Apple has released iOS 16.6 today for everyone and while the update doesn’t come with new user-facing features, it has over a dozen important security fixes. And notably, two of the fixes are for actively exploited flaws. more… The post Apple f.....»»
Apple fixes two exploited vulnerabilities in iOS 16.6 security update
Apple's security updates in iOS 16.6 and iPadOS 16.6 fix vulnerabilities and issues affecting the Neural Engine, WebKit, and Find My, along with two that are reportedly actively exploited.Just after releasing iOS 16.6 and iPadOS 16.6 to the public, A.....»»
Ready for your eye scan? Worldcoin launches—but not quite worldwide
"The US does not make or break a project like this," says OpenAI chief. Enlarge (credit: FT Montage/Bloomberg) Sam Altman’s cryptocurrency project, the Worldcoin Foundation, is rolling out its services globally even as.....»»
Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)
Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched.....»»
Trends in ransomware-as-a-service and cryptocurrency to monitor
In January, law enforcement officials disrupted the operations of the Hive cybercriminal group, which profited off a ransomware-as-a-service (RaaS) business model. Hive is widely believed to be affiliated with the Conti ransomware group, joining a li.....»»
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns
The exploited code-execution flaws are the kind coveted by ransomware and nation-state hackers. Enlarge (credit: Getty Images) Organizations big and small are once again scrambling to patch critical vulnerabilities that.....»»
Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with in.....»»
Email typo misdirects millions of U.S. military messages to Mali
The man who exposed the error said the risk is real and has the potential to be exploited by adversaries of the United States......»»
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aime.....»»
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with.....»»
Malware delivery to Microsoft Teams users made easy
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and.....»»