An Update on U.S. Cybersecurity and Infrastructure Security Agency (CISA) Updates to the Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has made changes to its Known Exploited Vulnerabilities (KEV) Catalog. It’s like cleaning out your closet – some flaws stay, some go, and some new ones join the party. On
Read More
Apple’s Security Patch for Zero-Day Flaw in iOS and iPadOS This informative briefing is all about how Apple has picked its security wits by releasing patches to fix a new zero-day vulnerability in iOS and iPadOS. Now you’d think it’s just another day in the Apple orchard, but, just like my dad’s socks, the situation
Read More
Main Points: – Atlassian fixes actively exploited zero-day flaw in Confluence Data Center and Server instances. – The vulnerability, identified as CVE-2023-22515, enables external attackers to create unauthorized admin accounts and access Confluence servers. – The flaw only impacts certain versions and does not affect versions prior to 6.13.23. Atlassian Addresses Critical Zero-Day Flaw The
Read More
DragonEgg and LightSpy: The Connection Between Two Sneaky Spywares Main Points: New research elucidates a connection between the Android spyware DragonEgg and the iOS surveillance tool, LightSpy. DragonEgg and WyrmSpy, also known as AndroidControl, were first revealed in July 2023 by Lookout as malware strains designed to extract sensitive data from Android devices, and were
Read More
Affordable SaaS Security Solutions Emerging for Mid-Sized Businesses Security woes for mid-sized companies: a tightening noose Like a computer on its last legs struggling to update, mid-sized enterprises and their hardworking Chief Information Security Officers (CISOs) are finding it challenging to fight off the expanding threat of SaaS (Software as a Service) security issues. All
Read More
NPM Package Deploys Open-Source Rootkit, First of Its Kind A deceptive package within the npm package registry deploying an open-source rootkit called r77 has been discovered. The malevolent package, dubbed “node-hide-console-windows”, is a rogue variant of the legitimate npm package “node-hide-console-window”. This case represents the first-ever recorded instance of a rogue package delivering rootkit functionality.
Read More
Cloudy with a Chance of Hacks: Microsoft Thwarts SQL Server Attack Attempt – Microsoft reveals a new hacking attempt targeting a SQL Server instance – The attack tried to pivot towards cloud environment through SQL Injection – Security researchers detail the campaigners’ modus operandi – Although the attack was unsuccessful, it signals a noticeable trend
Read More
New Linux Vulnerability ‘Looney Tunables’, a Capable Foe Main Points: A new Linux security vulnerability, referred to as ‘Looney Tunables’, has been detected. This vulnerability resides in the GNU C library’s ld.so dynamic loader. If exploited, it could potentially lead to a local privilege escalation and allow a hacker to gain root privileges. Tracked as
Read More
Qualcomm Tackles 17 Vulnerabilities and 3 Zero-Days: Time for a Chip Chop! Bullet Points Qualcomm has released security updates for 17 vulnerabilities in various components. Three other zero-day vulnerabilities are currently under active exploitation. Out of the 17 vulnerabilities, three are classified as ‘Critical’, 13 as ‘High’, and one as ‘Medium’ in severity. Google’s Threat
Read More
TorchServe Vulnerabilities Come to Light: ‘ShellTorch’ Might Light up Your System! Main Points: – Several critical security flaws have been found in TorchServe. – Israeli company Oligo discovered these vulnerabilities, dubbing them ‘ShellTorch’. – The flaws can potentially lead to a full chain remote code execution. Introduction to TorchServe Turns out, TorchServe, which is known
Read MoreNo products in the cart.