Apple patches two dangerous zero-day vulnerabilities
Apple recently patched two zero-day vulnerabilities in iOS, iPadOS and macOS that allow cybercriminals to hack virtually any Apple device. These are WebKit and kernel vulnerabilities discovered by third parties.
The discovered zero-day vulnerabilities may already be actively exploited, Apple ind...
KeePass disputes discovery of a vulnerability that allows password theft
The KeePass team, which created the popular open-source password management software, is disputing a recent discovery of a vulnerability in their software. According to the vulnerability report, it is possible to steal passwords by exploiting it.
KeePass helps users store their passwords in a loca...
15-year-old Python bug puts 350,000 open-source projects at risk
Researchers at Trellix said they have patched nearly 62,000 open-source projects susceptible to a 15-year-old path traversal vulnerability in the Python ecosystem.
The bug, tracked under CVE-2007-4559, was discovered by Trellix's team in Python's tarfile module late last year. It was first rep...
Cisco warns of critical remote access vulnerabilities in SMB routers
Cisco alerted that several routers in its Small Business series contain vulnerabilities that could provide remote access to cybercriminals. The models have reached end-of-life status, meaning no patches are available.
Cisco stated that the vulnerabilities affect its RV016, RV042, RV042G and RV08...
Researchers find DoS vulnerabilities in Rust Hyper
The JFrog Security Research team has discovered and disclosed multiple DoS (Denial of Service) vulnerabilities in popular Rust projects such as Axum, Salvo and conduit-hyper.
In a recent blog post, JFrog says that all vulnerabilities stem from the same root cause, namely developers failing to se...
Linux-based malware uses 30 WordPress exploits to inject JavaScript
New Linux-based malware uses 30 vulnerabilities in WordPress plugins to inject malicious JavaScript.
Antivirus vendor Dr. Web reports that the malware comes in two variants capable of attacking Linux-based WordPress sites by exploiting outdated plugins. The first variant found, Linux.BackDoor.Wo...
IBM discovers wormable vulnerability eerily similar to EternalBlue
Researchers have identified a Windows code execution vulnerability that has the potential to rival EternalBlue, a Windows security issue used to ignite WannaCry, which took down computer networks around the world in 2017.
The newly discovered vulnerability is listed as CVE-2022-37958. It allows ...
Google postpones Manifest V2 phaseout
The phaseout of Google’s Manifest V2 Chrome extension framework has been delayed. The framework was supposed to be discontinued in 2023.
The tech giant announced the phaseout of Manifest V2 in 2021. Manifest V2 is a framework for capabilities and permissions that introduced more stringent rule...
Hackers hijack Linux devices using PRoot-isolated file systems
Hackers are using BYOF (bring your own filesystem) attacks to abuse the open-source Linux PRoot utility and maintain a consistent set of malicious tools that work across Linux devices.
A BYOF attack involves a threat actor building a malicious file system on their devices that includes a typical ...
Critical vulnerability in server management solution MegaRAC BMC
A critical vulnerability in MegaRAC BMC allows unauthorized attackers to execute code on servers. MegaRAC BMC is one of the world's most popular server management solutions.
On-premises datacenter operators and cloud providers use MegaRAC BMC to remotely manage servers. The technology is incorp...