The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country’s Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, […]
The recent discovery of a significant flaw in the GNU C Library (glibc), a fundamental component of major Linux distributions, has raised serious security concerns. This flaw grants attackers root access, posing a critical threat to the security of Linux systems. Vulnerability in GNU C Library (glibc): The GNU C Library, commonly known as glibc, […]
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various […]
In the rapidly evolving landscape of artificial intelligence, generative AI systems have become a cornerstone of innovation, driving advancements in fields ranging from language processing to creative content generation. However, a recent report by the National Institute of Standards and Technology (NIST) sheds light on the increasing vulnerability of these systems to a range of […]
Recent cybersecurity research has unveiled a critical vulnerability impacting over 1,450 pfSense servers, exposing them to potential remote code execution (RCE) attacks. This vulnerability arises from a combination of command injection and cross-site scripting flaws, posing a significant threat to the security of these widely-used network appliances. Anyone can bypass the Google and AWS Web […]
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human qualities, sharpening their skills to manipulate biases and emotional triggers with the objective of […]
In a startling revelation, Bitdefender, a leading cybersecurity firm, has disclosed a series of sophisticated attack methods that could significantly impact users of Google Workspace and Google Credential Provider for Windows (GCPW). This discovery highlights potential weaknesses in widely used cloud and authentication services, prompting a reevaluation of current security measures. Discovery of Advanced Attack […]
The team at Qualys Threat Research Unit has unveiled a fresh vulnerability within the Linux operating system, allowing local attackers to escalate their access level to root privileges. This escalation is made possible by exploiting a buffer overflow weakness located in the GNU C Library’s ld.so dynamic loader. Assigned the identification CVE-2023-4911 and nicknamed “Looney […]
Qualcomm recently issued warnings about three zero-day vulnerabilities within its GPU and Compute DSP drivers that are currently being exploited by hackers. These warnings were initiated based on information received from Google’s Threat Analysis Group (TAG) and Project Zero teams. According to their reports, there is limited but targeted exploitation of vulnerabilities identified as CVE-2023-33106, […]
A notorious threat actor with presumed ties to the Chinese government, known as “BlackTech”, has reportedly been exploiting Cisco routers to infiltrate major corporations in the United States and Japan, according to cybersecurity experts. Using various aliases like Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, BlackTech has stealthily replaced original device firmware with malicious counterparts. […]
Within the expansive domain of collaboration tools, Atlassian’s Bitbucket and Confluence emerge as prominent figures, bestowing their enabling capabilities onto many developers and teams worldwide. Nevertheless, similar to other formidable entities, these platforms are not immune to possible risks. In recent times, a few vulnerabilities of significant severity have emerged, eliciting a sense of apprehension […]
A kind of attack known as prompt injection is directed against LLMs, which are the language models that are the driving force behind chatbots such as ChatGPT. It is the process by which an adversary inserts a prompt in such a manner as to circumvent any guardrails that the developers have set in place, so […]
Following the disclosure of a serious flaw in the Microsoft Power Platform, researchers in the field of information security are advising users of Azure Active Directory (AD) to keep an eye out for abandoned reply URLs. To be more precise, the researchers discovered an unused reply URL address inside an Azure Active Directory application that […]
The Internet of Things (IoT) is now experiencing its zenith and is quickly growing its capabilities. This is being accomplished through the transformation of commonplace goods, such as light bulbs and plugs, into smart devices that can be controlled using a smartphone. The number of Internet of Things devices surpassed 13.8 billion in 2021; by […]
It is possible to remotely hack ATMs by taking advantage of a number of vulnerabilities that have been found in the ScrutisWeb ATM fleet monitoring software developed by the firm.Members of the Synack Red Team were the ones to uncover the vulnerabilities in the system, and the vendor addressed them in July 2023 with the […]
Those that work with databases on a regular basis will know that PostgreSQL is more than just a name. It has an impressive history that spans over 30 years, and now it serves as an effective object-relational database system that is open source. Because of its ability to store and grow even the most complex […]
Attackers are still focusing their attention on Microsoft identities in the hopes of breaking into linked Microsoft apps and federated SaaS applications. In addition, attackers continue to advance their attacks in these contexts, however they do so not by taking advantage of vulnerabilities but rather by misusing core Microsoft features in order to accomplish their […]
It has come to light that the Ninja Forms plugin for WordPress has many security flaws that might be abused by malicious actors to gain elevated access and steal sensitive data. According to a report published by Patchstack a week ago, the vulnerabilities, which are listed as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, affect versions 3.6.25 and […]
A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively, […]
Global radios depend on the TETRA (Terrestrial Trunked Radio) standard, however a number of vulnerabilities have been found that have an influence on its use in Europe, the UK, and other countries. These issues include the following:- Institutions of the state, Law enforcement, Organizations that provide emergency assistance, Institutions of the military The encryption and […]
Recent news reports have brought attention to two serious zero-day vulnerabilities that pose a risk to the digital security of Apple products sold in every region of the world. Both of these vulnerabilities, which have been given the CVE identifiers CVE-2023-37450 and CVE-2023-38606, were found to be present in Apple’s WebKit browser engine and kernel […]