Security
Headlines
HeadlinesLatestCVEs

Tag

#botnet

WatchGuard firewall exploit threatens appliance takeover

One-two bug punch leads to ‘worst possible impact’, said researcher

PortSwigger
Open in Source
#vulnerability#xpath#botnet#auth
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack

The ongoing campaign is spreading worldwide, using the lure of a fully functional Google Translate application for desktops that has helped the threat stay undetected for months.

Hackers spreading malware through images taken by James Webb Space Telescope

By Waqas Researchers have identified a new Golang-based malware campaign leveraging deep field images from the James Webb Space Telescope to deploy malware on infected devices. This is a post from HackRead.com Read the original post: Hackers spreading malware through images taken by James Webb Space Telescope

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and

CVE-2022-32548: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as CVE-2021-38406 (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful

5 Signs your WordPress Site is Hacked (And How to Fix It)

By Owais Sultan Currently, there are over 455 million websites powered by WordPress which highlights the fact that this open-source content management system is a lucrative target for cybercriminals and why security should be the top priority of WP users. This is a post from HackRead.com Read the original post: 5 Signs your WordPress Site is Hacked (And How to Fix It)

Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022.

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Categories: News Tags: Hikvision Tags: CVE-2021-36260 Tags: metasploit Tags: Mirai Tags: Moobot Tags: A patch has been available since September 2021, yet tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update. (Read more...) The post Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover appeared first on Malwarebytes Labs.

Attackers using fake Cloudflare DDoS protection popups to distribute malware

By Waqas The malware dropped in this attack is the NetSupport RAT which was previously identified in malicious MS Word documents. This is a post from HackRead.com Read the original post: Attackers using fake Cloudflare DDoS protection popups to distribute malware