Citing the Reddit comment, Beaumont took to Mastodon to explain: “People are quite openly posting what is happening on Reddit now, threat actors are registering rogue FortiGates into FortiManager with hostnames like ‘localhost’ and using them to get RCE.” Beaumont wasn’t immediately available to elaborate. In the same thread, another user said that based on… Read More »
Getty Images reader comments 43 with A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives. The vulnerability, residing in the way WinRAR processes the ZIP file… Read More »
Enlarge / Building with Microsoft logo. Getty Images reader comments 8 with It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s Electoral Commission, which exposed data for… Read More »
reader comments 15 with A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday. The software bug, tracked as… Read More »
Enlarge / A BATM sold by General Bytes. General Bytes reader comments 68 with Share this story Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed. The heist targeted ATMs sold by… Read More »
reader comments 13 with 0 posters participating Share this story Google researchers said on Wednesday they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. Variston IT bills itself as a provider of tailor-made Information security solutions, including technology for embedded… Read More »
reader comments 31 with 21 posters participating, including story author Share this story Apple on Monday patched a high-severity zero-day vulnerability that gives attackers the ability to remotely execute malicious code that runs with the highest privileges inside the operating system kernel of fully up-to-date iPhones and iPads. In an advisory, Apple said that CVE-2022-42827,… Read More »
reader comments 26 with 22 posters participating Share this story Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world. The currently unpatched security flaws have been under active exploit since early… Read More »
Getty Images | NurPhoto reader comments 18 with 17 posters participating Share this story Google engineers have issued an emergency update for the Chrome browser to fix a high-severity vulnerability that can be exploited with code that’s already available in the wild. The vulnerability, which Google disclosed on Friday, is the result of “insufficient data… Read More »
Enlarge (credit: Getty Images) A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said. CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project… Read More »