Jul 21, 2023THNVulnerability / Botnet Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in … [Read more...] about DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Devices
Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
May 01, 2023Ravie LakshmananMalverposting / Scam A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on … [Read more...] about Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Mar 03, 2023Ravie LakshmananEnterprise Security / IoT A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is … [Read more...] about New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
New Mirai Botnet Variant ‘V3G4’ Exploiting 13 Flaws to Target Linux and IoT Devices
Feb 17, 2023Ravie LakshmananIoT Security / Cyber Attack A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by … [Read more...] about New Mirai Botnet Variant ‘V3G4’ Exploiting 13 Flaws to Target Linux and IoT Devices
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
Feb 15, 2023Ravie LakshmananPrivacy / Technology Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and … [Read more...] about Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
Feb 08, 2023Ravie LakshmananEncryption / IoT Security The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of … [Read more...] about NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS … [Read more...] about QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Jan 23, 2023Ravie LakshmananMobile Security / Malvertising Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible … [Read more...] about Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
This Android File Manager App Infected Thousands of Devices with SharkBot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first … [Read more...] about This Android File Manager App Infected Thousands of Devices with SharkBot Malware
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows … [Read more...] about High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices