Getty Images reader comments 26 with Share this story Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned. Exploit activities by one group likely began in August 2021 and last August by the other,… Read More »
Aurich Lawson | Getty Images reader comments 144 with Share this story Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. Dubbed BlackLotus, the malware… Read More »
reader comments 6 with Share this story Organizations around the world are once again learning the risks of not installing security updates as multiple threat actors race to exploit two recently patched vulnerabilities that allow them to infect some of the most critical parts of a protected network. The vulnerabilities both carry severity ratings of… Read More »
reader comments 8 with 0 posters participating Share this story Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular Dota 2 video game for 15 months after a fix had become available. The vulnerability, tracked as CVE-2021-38003, resided in the open source JavaScript engine from… Read More »
Getty Images reader comments 21 with 0 posters participating Share this story An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday. The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts… Read More »
reader comments 24 with 0 posters participating Share this story As many as 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to hacks that are easy to carry out and give unauthenticated users on the Internet complete control, a security firm has warned. The vulnerability, which carries a severity rating of 9.8 out… Read More »
Getty Images reader comments 12 with 0 posters participating Share this story Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit.… Read More »
reader comments 25 with 0 posters participating Share this story An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday. Tracked as CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to… Read More »
Getty Images reader comments 60 with 0 posters participating Share this story Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy “no other chat service” can offer. Despite the unusually strong claims and two independent security audits Threema… Read More »
Hive Social reader comments 23 with 0 posters participating Share this story Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts.… Read More »