– h1: Free Download Manager admits to 2020 security breach. – Malicious Linux software was distributed through the company’s website. – The hacker group was believed to be from Ukraine. – Only a select group of users were affected. h2: The Breach Revealed Tech tragedy alert: in the equivalent of leaving your garage door open
Read More
Watch Out Windows Users: Clever WinRAR Exploit Poses Real Danger A deceptive proof-of-concept (PoC) exploit for a recent WinRAR vulnerability is released, aiming to infect unsuspecting users with VenomRAT malware The phony WinRAR exploit is based on a publicly available PoC script for a SQL injection vulnerability found in Geoserver A Double-edged Sword: The Fake
Read More
Winding down the Dark Web: Finnish Authorities shut down PIILOPUOTI – Finnish authorities have successfully taken down PIILOPUOTI, a dark web marketplace notorious for illicit narcotics trade. – PIILOPUOTI has been in operation since May 2022, functioning as a hidden service within the encrypted TOR network. – According to the Finnish Customs agency, the site
Read More
Nagios XI Network Monitoring Software Plugs Security Holes Multiple security vulnerabilities discovered in Nagios XI network monitoring software. Vulnerabilities can result in privilege escalation and information disclosure. Four security flaws, tracked as CVE-2023-40931 through CVE-2023-40934, affect Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, these issues have been patched as
Read More
Email phishing campaigns target Chinese-language speakers – Several email phishing campaigns are predominantly targeting Chinese-language speakers. – Such attacks aim to propagate different malware families, including Sainbox RAT, Purple Fox, and a recently detected Trojan named ValleyRAT. – Proofpoint, an enterprise security company, has disclosed this trend, noting that the involved campaigns include Chinese-language lures
Read More
Modern web applications are modular and depend on third-party components, which can make them vulnerable. Vulnerabilities can be hidden within third-party components. Open-source tools, even the popular ones, can be a target of attacks. The Pitfall of Functionality: Modern Web Applications’ Vulnerability The thing about modern web applications is their comparable functionality to a Swiss
Read More
Troublemaker Packages: Sowing Chaos in the npm Registry Sonatype cybersecurity researchers have detected a nefarious new batch of mischievous npm packages. These are no ordinary code depots, instead, they are double agents designed to steal Kubernetes configurations and SSH keys! They then ferry this crucial information from the compromised systems to a remote server, like
Read More
Signal Tightens Security with Quantum Resistance The encrypted messaging app Signal has announced an update that supports quantum resistance. This update improves the Signal Protocol by enhancing the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). This move provides an additional protection layer against potential quantum computers that might be powerful enough to
Read More
Main Points: GitLab shipped patches to fix a potent security flaw (CVE-2023-5009) The flaw impacts all GitLab EE versions from 13.12 up to 16.2.7 and 16.3 up to 16.3.4 Critical flaw allowed attackers to run pipelines as any user GitLab, in a move faster than a system reboot, has dispatched security patches to iron out
Read More
Important Fixes for Critical Security Flaw: Trend Micro Works to Patch Apex One and Worry-Free Business Security Solutions Summary of the Security Situation Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw that affects Apex One and Worry-Free Business Security solutions. This vulnerability, coded as CVE-2023-41179 (with a high
Read MoreNo products in the cart.