Sudo is one of the most essential, powerful, and often used tools that comes as a core command pre-installed on macOS and practically every other UNIX or Linux-based operating system. It is also one of the programs that comes pre-installed as a core command. A system administrator has the ability to delegate authority to certain […]
This week, an announcement was made by TPG Telecom in Australia stating that an unidentified threat actor had acquired unauthorized access to a server that hosts the email accounts of 15,000 subscribers. After Singtel-owned Optus, Medibank, and a second Singtel subsidiary were hacked, this event is one of the numerous recent high-profile hacks that have […]
VMware has patched two security flaws in VMware Workspace ONE Access and Identity Manager as of today: Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager, tracked under the CVE identifier 2022-31700 and assigned a CVSS score of 7.2Broken Authentication Vulnerability in VMware Workspace ONE Access and Identity Manager, tracked by […]
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. […]
Following the release of an emergency patch by Fortinet to address significant security flaws in the FortiOS SSL-VPN product. Citrix has just just issued yet another critical security update for its Citrix ADC and Citrix Gateway products. The company has patched a critical zero-day vulnerability that has been identified as CVE-2022- 27518. This threat affects […]
It would be wise to get a burner phone if you were traveling to Qatar for the World Cup. Additionally, avoid taking any pictures that would violate the Gulf state’s stringent morals regulations. Football fans are being advised on how to shield themselves from the Qatar World Cup applications’ spying by France’s powerful data protection […]
The research team at cyber security company has identified a flaw that makes it possible to hack video entrance systems with an NFC tag. Promon researchers found that attackers can conduct an attack on the entry system to get the admin passcode using a mobile device with NFC capabilities. Once the passcode has been discovered, […]
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is “part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread,” the Microsoft Security Threat Intelligence Center (MSTIC) […]
Jira Align is a software-as-a-service (SaaS) platform that enables businesses to grow their cloud installations of the wildly popular bug tracking and project management tool Atlassian Jira. A high severity (CVSS 8.8) authorization controls issue was discovered by a Bishop Fox security researcher. It enables users with the ‘people’ permission to raise their privilege, or […]
Protecting sensitive organizational credentials, limiting privileged user access, actively imposing security policies, and monitoring and recording privileged user behavior across virtual, cloud, and physical environments are all part of Symantec Privileged Access Management’s (PAM) security breach prevention strategy. A serious security flaw in Symantec Privileged Access Management (PAM) was found by researcher Nikola Kojichas from […]
Two critical vulnerabilities have been found recently in the wireless LAN devices of Contec. These critical vulnerabilities were discovered by the cybersecurity analysts, Samy Younsi and Thomas Knudsen of Necrum Security Lab. There are two models of the FLEXLAN FXA2000 and FXA3000 series from CONTEC which are primarily used in airplane installations as WiFi access […]
Twitter executives misled federal regulators and the company’s own board about “extreme and egregious shortcomings” in its defenses against hackers and its meager efforts to combat bots, said a former chief security officer Peiter Zatko. What happens inside Twitter? The document describes Twitter as a chaotic and aimless company beset by infighting, unable to adequately […]
In the Amazon Ring app for Android, Amazon has patched a high-severity vulnerability that may have let hackers download customers’ recorded camera footage. The flaw was spotted and reported to Amazon on May 1st, 2022 by security researchers working for the application security testing company Checkmarx. The flaw was quickly repaired by Amazon after it […]
Zoom announced that it published an update (5.11.5) of its video call app that corrects a security flaw in its version for Mac computers. They explained that the vulnerability in the program’s source code allowed cybercriminals to access the computer and take control of it from a distance. The Zoom code bug was nothing new […]
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a “durable persistence mechanism.” That’s according to a new warning from the Microsoft 365 Defender Research Team, which said that “IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate […]
An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. “More than 770 million logs of free tier users are available, from which you can easily […]
NAS device maker QNAP released software updates for its network-attached storage (NAS) products on Friday. While this updated software package is focused on patching multiple security flaws. All these flaws could enable the threat actors to get access and steal sensitive data. Among all the detected vulnerabilities, there is one that could allow the threat […]
In its latest security advisory Cisco announced the fix of several flaws in its NFV Infrastructure Software (NFVIS), a network virtualization solution for virtual network function (VNF) management. Two of the fixed flaws are considered critical and could be exploited by threat actors for the execution of commands with root privileges and for guest virtual […]
The audio decoders in Qualcomm and MediaTek chips have been reported to contain three security vulnerabilities. Leaving unpatched three of these security holes could provide the threat actors with remote access to the media and audio conversations from affected mobile devices if they aren’t patched. The security analysts at Check Point asserted that by sending […]
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several […]
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. “Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the […]