Mandiant researchers have determined that a recent Fortinet vulnerability was exploited as a 0-day for malware delivery in October 2022, almost two months before the patch release.
Mandiant researchers have determined that a recent Fortinet vulnerability was exploited as a 0-day for malware delivery in October 2022, almost two months before the patch release.
Cisco has announced fixes for a serious SQL vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
As we warned, Horizon3 researchers have uncovered a PoC exploit and presented a technical analysis for the critical RCE vulnerability CVE-2022-47966 in Zoho ManageEngine products.
T-Mobile has revealed a new data leak after attackers stole the confidential account information of 37 million customers through one of the APIs.
Hackers spread Malware in Blank Images
— The researchers of the Avanan information security company found that attackers bypass the VirusTotal service by introducing malware into empty images in emails.
Kraken absorbed the Solaris darknet platform after the latter was hacked.
Currently, the Tor Solaris website redirects users to Kraken.
Some vendors and users of Adobe Commerce and Magento decided to make a difficult choice between "safe" and "convenient".
As we reported, the February patch from Adobe, released to eliminate the critical vulnerability of mail templates CVE-2022-24086 (CVSS score 9.8), was actively bypassed by attackers.
American security forces have detained Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange registered in Hong Kong, who is accused of collaborating with extortionists and laundering money received from drug trafficking.
Oracle has announced the release of the first critical update in 2023, which includes 327 new security fixes.
At the same time, more than 70 fixes eliminate critical vulnerabilities, and almost 200 fixes eliminate errors that can be used remotely without authentication. Some of the corrected shortcomings affect more than one product of the company.
RCE vulnerabilities were discovered in TP-Link and NetComm routers.
CVE-2022-4498 and CVE-2022-4499 affect TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO.
In modern conditions, the security of information systems of corporations and government agencies is of particular importance, and in 2023 its role will increase even more.
👩💻Attackers can use ChatGPT to Create 😷 Polymorphic Malware
Cyberark researchers Eran Shimoni and Omer Tsarfati claim that HATGPT is capable of creating relatively simple polymorphic malware:
Orca provided information about 4 server-side request forgery attacks (SSRF) in Microsoft Azure services, including two errors that could be used without authentication for unauthorized access to cloud resources.
Git has fixed two critical vulnerabilities that could allow attackers to execute RCE after successfully exploiting heap-based buffer overflow vulnerabilities.
As a result of the ransowmare attack on the DNV shipping software provider, more than 70 customers and about 1,000 vessels were affected.
Norwegian company DNV GL is the largest software supplier in the marine industry, providing solutions and services throughout the life cycle of any vessel, including a full range from design to risk assessment and management.