VMware addresses a critical remote code execution (RCE) flaw in the Virtual SAN Health Check plug-in that impacts all vCenter Server installs. VMware has released security updates to address a remote code execution (RCE) flaw in vCenter Server that could be exploited by attackers to execute arbitrary code on the installs. vCenter Server is the centralized […]
An Iran-linked threat actor tracked as Agrius employed data-wipers disguised as ransomware to destroy targeted IT infrastructure. Researchers from cyber-security firm SentinelOne discovered a new Iran-linked threat actor, tracked as Agrius, which relied on data-wiping malware disguised as ransomware to destroy the targeted systems. In order to hide the real nature of the threat, the […]
A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated attacker to execute arbitrary code with elevated privileges. The vulnerability tracked as CVE-2021-22908, has received a CVSS […]
Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Once activated, the Home Network Security station scans all traffic passing […]
Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is […]
The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. Bose Corporation has announced it was the victim of a ransomware attack that took place earlier this year, on March 7. According to the breach notification letter filed by Bose, the […]
US banks are giving the green light to the adoption of facial recognition technology, while authorities provide regulations and updates guidelines Many among the US biggest banks are trying their luck with facial recognition technology. The FTC issues a new set of guidelines about the use of Artificial Intelligence. The European Union’s stance on face […]
Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks. Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices during the pairing process and conduct man-in-the-middle (MitM) attacks while within wireless range of vulnerable devices. […]
Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a temporary interruption. Researchers from BleepingComputer reported that operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed their operations after a temporary interruption. Unlike other ransomware, Zeppelin operators do not steal data from the victims and don’t run a leak site. Zeppelin ransomware […]
Researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited for malicious purposes. Cybersecurity researchers from Skylight Cyber disclosed technical details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited by threat actors to hijack the infrastructure. Nagios is an open-source IT infrastructure monitoring and […]