PoC Exploit Released for Wormable Windows Vulnerability
A researcher has released a proof-of-concept (PoC) exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable. read more more…TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. read more more…Qualcomm Modem Chip Flaw Exploitable From Android: Researchers
Billions of Android devices are exposed to a vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip A vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip– installed in around 30% of the world’s mobile devices – can be exploited from within Android. read more more…Chrome for Windows Gets Hardware-enforced Exploitation Protection
Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. read more more…Dell fixes exploitable holes its own firmware update driver – patch now!
These bugs date back to 2009, and they could give crooks who are already in your network access to sysadmin superpowers. more…Dell fixes exploitable holes in its own firmware update driver – patch now!
These bugs date back to 2009, and they could give crooks who are already in your network access to sysadmin superpowers. more…Apple products hit by fourfecta of zero-day exploits – patch now!
Don’t delay. Get these updates today. more…Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited
Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited l33tdawg Tue, 05/04/2021 – 07:37 more…Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone. read more more…SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched
A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye’s Mandiant unit reported on Thursday. read more more…Apple Patches macOS Security Bypass Vulnerability Exploited by ‘Shlayer’ Malware
Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group. read more more…AV Under Attack: Trend Micro Confirms Apex One Exploitation
Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines. read more more…Three Zero-Day Flaws in SonicWall Email Security Product Exploited in Attacks
SonicWall’s Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start releasing patches, but a public warning about active exploitation came only 25 days after it learned about the attacks. read more more…Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world
Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world l33tdawg Tue, 04/20/2021 – 23:49 more…Pulse Secure Zero-Day Flaw Actively Exploited in Attacks
Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won’t be patched until next month. read more more…NSA: Russian Hackers Exploiting VPN Vulnerabilities – Patch Immediately
The U.S. government on Thursday warned that Russian APT operators are exploiting five known — and already patched — vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately. read more more…More information
- Spammers take advantage of Naked Security writing about spammers
- Flaw in WordPress Plugin Grants Access to Google Search Console
- Hackers have targeted 130 restaurants at Cicis pizza chain
- The VC View: Digital Transformation
- 64-bit operating systems, virtualization software vulnerable to privilege escalation attacks on Intel CPUs
- Tor Network Under DDoS Pressure for 7 Months
- US court gets UK Twitter hack suspect arrested in Spain
- Xerox Versalink Printer Vulnerabilities Enable Lateral Movement
- Taiwan: China’s cyberarmy shifting target to think tanks, telcos
- Hacked Smart Fish Tank Exfiltrated Data to ‘Rare External Destination’