PDF certification process is vulnerable to new attack variants; flaws affect Adobe, Foxit and other PDF tools

Recent research states that certified PDF files are not sufficiently protected, leaving them vulnerable to various types of cyberattack. These files are often used to securely sign agreements between two parties, as certification protects document integrity. The research, by a specialized team at Ruhr University, notes that certified PDF documents employ two specific […]

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. “Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing,” the Carnegie […]

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. “SVR cyber operators appear to have reacted […] by changing their TTPs in an […]

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, “As it is not easy to fix, it will haunt us for quite some time,” explaining the inspiration behind naming the speculative execution attacks. Indeed, it’s been more than three years, and there […]

40+ Apps With More Than 100 Million Downloads Exposing AWS API Keys

Cybersecurity researchers from CloudSEK have recently discovered more than 40 apps, with nearly 100 million downloads, that are continuously targeting AWS API keys. Amazon Web Services (AWS) is generally known for its cloud computing platform for enterprises and small businesses, and it also deals with government bodies around the […]

$4 billion lawsuit claims Google tracked iPhone users’ activities

A multi-billion pound British class action lawsuit has been filed against the tech giant Google in the UK Supreme Court. The lawsuit alleges that Google secretly tracked countless iPhone users’ internet activities. The consumer rights group Which?’s former director, Richard Lloyd, leads the […]

Multiple IoT device flaws could expose industrial environments to hackers

The Azure Defender for IoT research group reported finding at least 25 security flaws impacting all kinds of intelligent devices and industrial application Internet of Things (IoT) equipment. This set of vulnerabilities, named “BadAlloc”, was identified by experts from Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA). According to the report, […]

Google Facing Lawsuit Over Tracking Users in Incognito Mode

Google is facing a class-action lawsuit that claims the search engine giant secretly collects data from users even when they’re using its private Incognito mode. US District Judge Lucy Koh wrote in her ruling that the search engine giant “did not notify users that Google engages in the alleged data collection while the user […]

Ransomware Strain Qlocker Targeting QNAP NAS Flaws – Patch It!

Cybersecurity experts recently announced in a report that they have detected a new ransomware strain, Qlocker. This ransomware has gone viral, attacking hundreds of QNAP network-attached storage (NAS) devices every day. It is part of one of the biggest campaigns, which has used two ransomware strains known as “Qlocker” and “eCh0raix”. These two ransomware strains are slowly […]

New QNAP NAS Flaws Exploited In Recent Ransomware Attacks – Patch It!

A new ransomware strain called “Qlocker” is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption […]

Two zero-day flaws found in Zoom video conferencing software allow hackers to see what’s inside your computer

Cybersecurity specialists reported finding multiple zero-day vulnerabilities in the Zoom desktop client whose successful exploitation would allow malicious hackers to execute arbitrary code on the target device. The report was submitted by the ethical hacking team composed of Daan Keuper and Thijs Alkemade during the Pwn2Own hacking contest. Zoom granted them […]

Flaws in Ovarro’s TBox Remote Terminal Units Open Industrial Systems to Remote Attacks

On March 23, the United States Computer Emergency Readiness Team (US-CERT) announced that several vulnerabilities had been detected in “Ovarro TBox”. According to cybersecurity analysts, the exploitation of these vulnerabilities could enable threat actors to remotely execute code or carry out a distributed denial-of-service (DDoS) attack. Flaws Detected: CVE-2021-22646 – Improper control of generation […]

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached […]

Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code

Netgear has recently published security updates to address 15 severe vulnerabilities in its JGS516PE Ethernet switch. These flaws include an unauthenticated remote code execution vulnerability, which is rated critical. According to the cybersecurity analyst, this switch is exposed to nine high-severity vulnerabilities, and among them, there are five medium-rated ones. […]

Schneider Electric’s critical smart meter flaws expose business environments to hackers; update immediately

Claroty, an industry-level cybersecurity specialist firm, reported finding two severe vulnerabilities in PowerLogic smart meters, developed by Schneider Electric. This is a solution used by public and private organizations worldwide, mainly in industrial environments, medical centers and data centers. The report mentions that experts found that some of these PowerLogic meters (from […]

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities. The alert comes on the heels of Microsoft’s disclosure that China-based hackers were exploiting unknown software bugs […]