Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on … [Read more...] about New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader
attackers
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own … [Read more...] about Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get … [Read more...] about One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad … [Read more...] about New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, … [Read more...] about Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for … [Read more...] about A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared … [Read more...] about New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware
An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the "manage versions" … [Read more...] about A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware
Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account.Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of TouchID (or FaceID) biometric feature that authenticated users to … [Read more...] about Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Amazon’s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password
Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network.In case you don't own one of these, Amazon's Ring Video Doorbell is a smart … [Read more...] about Amazon’s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password