Tag Archives: vulnerabilities

Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity

reader comments 6 with Share this story Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned. The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high… Read More: Ransomware crooks are exploiting IBM file exchange bug with a… »

Google tells users of some Android phones: Nuke voice calling to avoid infection

Enlarge / Images of the Samsung Galaxy S21, which runs with an Exynos chipset. reader comments 89 with Share this story Google is urging owners of certain Android phones to take urgent action to protect themselves from critical vulnerabilities that give skilled hackers the ability to surreptitiously compromise their devices by making a specially crafted… Read More: Google tells users of some Android phones: Nuke voice calling… »

Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

Getty Images reader comments 26 with Share this story Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US federal agency by exploiting a four-year-old vulnerability that remained unpatched, the US government warned. Exploit activities by one group likely began in August 2021 and last August by the other,… Read More: Federal agency hacked by 2 groups thanks to flaw that… »

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

Aurich Lawson | Getty Images reader comments 144 with Share this story Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. Dubbed BlackLotus, the malware… Read More: Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows… »

A world of hurt for Fortinet and Zoho after users fail to install patches

reader comments 6 with Share this story Organizations around the world are once again learning the risks of not installing security updates as multiple threat actors race to exploit two recently patched vulnerabilities that allow them to infect some of the most critical parts of a protected network. The vulnerabilities both carry severity ratings of… Read More: A world of hurt for Fortinet and Zoho after users… »

Valve waited 15 months to patch high-severity flaw. A hacker pounced

reader comments 8 with 0 posters participating Share this story Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular Dota 2 video game for 15 months after a fix had become available. The vulnerability, tracked as CVE-2021-38003, resided in the open source JavaScript engine from… Read More: Valve waited 15 months to patch high-severity flaw. A hacker… »

Hackers are mass infecting servers worldwide by exploiting a patched hole

Getty Images reader comments 21 with 0 posters participating Share this story An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday. The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts… Read More: Hackers are mass infecting servers worldwide by exploiting a patched… »

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware

reader comments 24 with 0 posters participating Share this story As many as 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to hacks that are easy to carry out and give unauthenticated users on the Internet complete control, a security firm has warned. The vulnerability, which carries a severity rating of 9.8 out… Read More: Up to 29,000 unpatched QNAP storage devices are sitting ducks… »

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Getty Images reader comments 12 with 0 posters participating Share this story Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit.… Read More: Vulnerability with 9.8 severity in Control Web Panel is under… »

Fortinet says hackers exploited critical vulnerability to infect VPN customers

reader comments 25 with 0 posters participating Share this story An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday. Tracked as CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to… Read More: Fortinet says hackers exploited critical vulnerability to infect VPN customers »