Over 178,000 SonicWall firewalls vulnerable to RCE, DoS attacks

January 15, 2024 at 01:34PM Security researchers discovered that more than 178,000 SonicWall firewalls with exposed online management interfaces are vulnerable to denial-of-service and remote code execution attacks. These vulnerabilities affect a large number of appliances and can lead to serious security risks. Users are advised to take measures to protect their devices from these … Read more

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

January 15, 2024 at 11:44AM The Guardio Labs research team has revealed a security flaw, dubbed MyFlaw, in the Opera web browser for Windows and macOS, allowing execution of files on the operating system. The flaw exploits the My Flow feature, prompting updates on Nov 22, 2023, to address it. The vulnerability emphasizes the need … Read more

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

January 15, 2024 at 11:44AM Thousands of WordPress sites are affected by the Balada Injector malware, exploiting a vulnerability in the Popup Builder plugin. The campaign, active since 2017, aims to redirect visitors to fraudulent pages and push notification scams. The attackers establish persistent control by adding backdoors and malicious plugins. The issue was addressed … Read more

Microsoft’s January 2024 Windows Update Patches 48 New Vulnerabilities

January 10, 2024 at 01:06AM In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to … Read more

Google Patches Six Vulnerabilities With First Chrome Update of 2024

January 4, 2024 at 10:13AM Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current … Read more

Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

December 21, 2023 at 02:45AM Attackers are utilizing an old Microsoft Office vulnerability in phishing campaigns to distribute Agent Tesla malware. The infection chains leverage decoy Excel documents in invoice-themed messages to trick targets into opening them. Once downloaded, the malware initiates communication with a malicious destination to download additional files. Organizations must stay updated … Read more

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

December 18, 2023 at 11:39AM Security researcher Ben Barnea revealed two security flaws in Microsoft Windows that were patched in 2023. These flaws, CVE-2023-35384 and CVE-2023-36710, could be exploited by threat actors to achieve remote code execution on Outlook without user interaction. Mitigation recommendations include microsegmentation and addressing NTLM vulnerabilities. For further updates, follow the … Read more

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

November 24, 2023 at 11:30PM The open-source file-sharing software ownCloud has warned users about three critical security flaws that could expose sensitive information and allow for file modification. The vulnerabilities involve disclosure of credentials and configuration, authentication bypass, and subdomain validation bypass. The company recommends specific fixes for each flaw. Additionally, a critical remote code … Read more

Researchers extract RSA keys from SSH server signing errors

November 20, 2023 at 09:42AM Academic researchers have discovered that passive network attackers can retrieve secret RSA keys from errors in SSH connection attempts. These attacks exploit faults during signature computation, allowing attackers to compute the private key. The researchers recommend implementing validation of signatures before sending them to prevent secret key retrieval. Cisco and … Read more

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

October 30, 2023 at 03:18AM Unpatched security flaws have been discovered in the NGINX Ingress controller for Kubernetes. These vulnerabilities (CVE-2022-4886, CVE-2023-5043, CVE-2023-5044) could allow threat actors to steal secret credentials, execute arbitrary commands, and inject code into the ingress controller. Mitigations have been released, but updating NGINX and enabling strict path validation is recommended. … Read more