May 17, 2024NewsroomCryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively … [Read more...] about Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
Flaws
VMware Patches Severe Security Flaws in Workstation and Fusion Products
May 14, 2024NewsroomBluetooth / Vulnerability Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions … [Read more...] about VMware Patches Severe Security Flaws in Workstation and Fusion Products
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Apr 26, 2024NewsroomSupply Chain Attack / Software Security Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported … [Read more...] about Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Jan 31, 2024NewsroomVulnerability / Zero Day Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect … [Read more...] about Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and … [Read more...] about N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
Sep 20, 2023THNNetwork Security / Vulnerability Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on … [Read more...] about Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
New Juniper Junos OS Flaws Expose Devices to Remote Attacks
Aug 19, 2023THNNetwork Security / Vulnerability Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in … [Read more...] about New Juniper Junos OS Flaws Expose Devices to Remote Attacks
Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk
Aug 12, 2023THNServer Security / Cyber Threat Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine … [Read more...] about Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Aug 12, 2023THNVulnerability / Privacy Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch … [Read more...] about Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk
Aug 10, 2023THNPrivacy / Encryption A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input … [Read more...] about Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk