Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks

Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team.  "QNAP urges all NAS users to check and update QTS to the latest version as

The Hacker News
Open in Source
#vulnerability#zero_day#The Hacker News
Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

By Waqas Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also… This is a post from HackRead.com Read the original post: Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

How Pwn2Own Made Bug Hunting a Real Sport

From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.

The Industry Must Better Secure Open Source Code From Threat Actors

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.

CVE-2022-22784: Security Bulletin

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

If you're an Apple user, make sure you patch for CVE-2022-22675, a zero-day flaw actively exported in the wild. The post Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV appeared first on Malwarebytes Labs.