VMware bug with 9.8 severity rating exploited to install witch’s brew of malware
If you haven't patched CVE-2022-22954 yet, now would be an excellent time to do so. (credit: Pixabay) Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various rans.....»»
Millions of Android streaming boxes hit by damaging malware
Vo1d backdoor is compromising older streaming boxes powered by Android......»»
Unity is dropping its unpopular per-install Runtime Fee
Cross-platform game engine saw the downside to "novel and controversial" plan. Enlarge (credit: Unity) Unity, maker of a popular cross-platform engine and toolkit, will not pursue a broadly unpopular Runtime Fee that wou.....»»
Kaspersky security tools hijacked to disable online protection systems
RansomHub is using a legitimate tool to disable EDRs and deploy stage-two malware, including infostealers......»»
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use i.....»»
Chinese hackers are switching to new malware for government attacks
New attacks from the Chinese based Mustang Panda group reveal a change in tactics.....»»
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect (C.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Tufin improves security automation on Azure, GCP, and VMware clouds
Tufin Orchestration Suite (TOS) R24-2 ensures organizations’ network operations are efficient, secure, and always audit-ready by automating complex tasks, enhancing security visibility, and driving compliance. The key benefits TOS R24-2 deliver.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
US charges Russian military officers for unleashing wiper malware on Ukraine
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide. Enlarge (credit: Getty Images) Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy t.....»»
AT&T sues Broadcom for refusing to renew perpetual license support
Ars cited in lawsuit AT&T recently filed against Broadcom. Enlarge AT&T filed a lawsuit against Broadcom on August 29 accusing it of seeking to “retroactively change existing VMware contracts to match its new corpor.....»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
US disinformation researcher laments "incredible witch hunt"
Understanding disinformation has emerged as a lightning rod in the United States ahead of the November election, with academics and think-tanks facing lawsuits by right-wing groups and subpoenas from a Republican-led congressional committee......»»
Zyxel warns of vulnerabilities in a wide range of its products
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10. Enlarge (credit: Getty Images) Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its.....»»
McAfee+ vs. Avast One: Which lost-cost antivirus app is best?
I went hands-on with McAfee and Avast antivirus software to find out which offers the best malware protection, value, and ease of use......»»
Business routers vulnerable to OS command injection attack
Zyxel fixes a 9.8-severity vulnerability in multiple endpoints......»»
Cybersecurity jobs available right now: September 4, 2024
Cyber Systems Operations United States Air Force | USA | On-site – View job details The United States Air Force is looking for a Cyber Systems Operations Specialist to design, install, and support systems to ensure they operate proper.....»»
New ransomware group is hitting VMware ESXi systems hard
Researchers spot a new ransomware actor called Cicada3301, but it's not linked to the game of the same name......»»
Voldemort espionage malware hits organizations across the globe
More than 70 companies were struck by malware that doesn't have a C2......»»