S3 Ep137: 16th century crypto skullduggery
Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.)
Vulnerability
Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!
A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential…
Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-…
Critical Vulnerabilities Found in Faronics Education Software
Faronics patches critical-severity remote code execution (RCE) vulnerabilities in the Insight education software.
The post Critical Vulnerabilities Found in Faronics Education Software appeared first on SecurityWeek.
Crypto Discord Communities Targeted by Malicious Bookmarks & JavaScript
By Waqas
Discord admins, beware: scammers are hijacking accounts and stealing cryptocurrency funds by using malicious bookmarks in a new and tricky attack.
This is a post from HackRead.com Read the original post: Crypto Discord Communities Targeted by …
Bitdefender Introduces GravityZone Security for Android, iOS, and Chromebook
By Habiba Rashid
According to Bitdefender, GravityZone Security for Mobile is a cutting-edge solution that leverages powerful antimalware technologies driven by real-time threat intelligence and machine learning.
This is a post from HackRead.com Read t…
Critical Jetpack WordPress Flaw Exposes Millions of Website
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation
The post Critical Jetpack WordPress Flaw Exposes Millions of Website appeared first on GBHackers – Latest Cyber Security News | Hacker News.
Zyxel patches vulnerability in NAS devices (CVE-2023-27988)
Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the…
Attackers hacked Barracuda ESG appliances via zero-day since October 2022
Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many…
Serious Security: Verification is vital – examining an OAUTH login bug
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?