A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in … [Read more...] about Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
Alert
Alert — There’s A New Malware Out There Snatching Users’ Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting … [Read more...] about Alert — There’s A New Malware Out There Snatching Users’ Passwords
ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force … [Read more...] about ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Apple Issues Statement on iOS ‘Masque Attack’
Following an alert from the U.S. government, Apple has issued a statement on 'Masque Attack', a hacking technique that exploits a vulnerability in iOS and allows an attacker to substitute malware for a legitimate app. Apple told iMore: "We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially … [Read more...] about Apple Issues Statement on iOS ‘Masque Attack’
U.S. Government Issues Warning on iOS ‘Masque Attack’
The United States Computer Emergency Readiness Team, part of the U.S. Department of Homeland Security, has issued a formal alert on the Apple iOS 'Masque Attack'. A few days ago FireEye mobile security researchers discovered an iOS security flaw that lets attackers replace your real apps with malware. FireEye found that when installing an app using enterprise/ad-hock … [Read more...] about U.S. Government Issues Warning on iOS ‘Masque Attack’