QNAP addresses a critical flaw impacting its NAS devices
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices.
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
ISC fixed high-severity flaws in DNS software suite BIND
The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS).
BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC).
The ISC released security patches to address...
Patch management is crucial to protect Exchange servers, Microsoft warns
Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs.
Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit vulnerabilities in unpatched installs....
Google Chrome 109 update addresses six security vulnerabilities
Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild.
Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities.
Four of the addressed...
North Korea-linked TA444 group turns to credential harvesting activity
North Korea-linked TA444 group is behind a credential harvesting campaign targeting a number of industry verticals.
Proofpoint researchers reported that North Korea-linked TA444 APT group (aka APT38, BlueNoroff, Copernicium, and Stardust Chollima) is behind a credential harvesting campaign targeting a number...
DragonSpark threat actor avoids detection using Golang source code Interpretation
Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection.
SentinelOne researchers spotted a Chinese-speaking actor, tracked as DragonSpark, that is targeting organizations in East Asia.
The attackers employed an open source tool SparkRAT...
VMware warns of critical code execution bugs in vRealize Log Insight
A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system.
VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. VRealize...
Pakistan hit by nationwide power outage, is it the result of a cyber attack?
Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack.
On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if...
GoTo revealed that threat actors stole customers’ backups and encryption key for some of them
GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key.
GoTo, formerly LogMeIn Inc, is a flexible-work provider of software as a service (SaaS) and cloud-based remote work tools for collaboration and IT management,
The company is warning...
CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog
US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog.
The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog.
The CVE-2022-47966 flaw is an unauthenticated remote code execution...
Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads
Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads.
On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones.
The...
Expert found critical flaws in OpenText Enterprise Content Management System
The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE.
Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise content management (ECM) product.
OpenText Extended ECM is an...
Around 19,500 end-of-life Cisco routers are exposed to hack
Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain.
Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042,...
Cisco fixes SQL Injection flaw in Unified CM
A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition.
Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager...
Experts released PoC exploit for critical Zoho ManageEngine RCE flaw
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products.
The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue...
GitHub says hackers cloned code-signing certificates in breached repository
Enlarge
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.
Code-signing certificates place...
QNAP addresses a critical flaw impacting its NAS devices
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices.
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
Chromebook SH1MMER exploit promises admin jailbreak
Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…
MusicLM: Google AI generates music in various genres at 24 kHz
Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica)
On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
