Recent Security News
-
Atomic Stealer malware strikes macOS via fake browser updates
November 25, 2023 at 05:08PM The ‘ClearFake’ campaign, initially targeting Windows users with fake Chrome update prompts, has now expanded to Macs. The campaign utilizes Atomic Stealer (AMOS) malware to infect macOS computers. The malware disguises itself as a Safari update and attempts to steal sensitive information such as passwords, credit card details, and cryptocurrency…
-
New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government
November 25, 2023 at 12:18AM An unnamed government entity in Afghanistan fell victim to a sophisticated cyber attack involving a previously unknown web shell called HrServ. The web shell exhibits advanced features and allows threat actors to control the compromised server and carry out various malicious activities. The attack involves the use of a remote…
-
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
November 24, 2023 at 11:30PM The open-source file-sharing software ownCloud has warned users about three critical security flaws that could expose sensitive information and allow for file modification. The vulnerabilities involve disclosure of credentials and configuration, authentication bypass, and subdomain validation bypass. The company recommends specific fixes for each flaw. Additionally, a critical remote code…
-
UK and South Korea: Hackers use zero-day in supply-chain attack
November 24, 2023 at 01:28PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain…
-
Critical bug in ownCloud file sharing app exposes admin passwords
November 24, 2023 at 01:20PM Open-source file sharing software ownCloud has issued warnings about three critical security vulnerabilities. The first flaw exposes administrator passwords and mail server credentials. The second flaw allows unauthorized access to files without authentication. The third flaw bypasses subdomain validation in the OAuth2 library. Users are advised to apply recommended fixes…