Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems. April […]
Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited by threat actors in attacks against defense firms […]
A security duo has demonstrated how to hack a Tesla Model Xâs and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […]
A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design […]
UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEyeâs Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before […]
Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […]
Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. […]
CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released a joint advisory that provides trends and best practices related to […]
Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information, such as email addresses and phone numbers. “A team of researchers from […]
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another supply chain attack made the headlines, the Australian software company Click Studios informed its customers of the security breach that impacted its Passwordstate password management application. Passwordstate is the Enterprise Password Management solution used by more […]