Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles
We take a look at multiple vulnerabilities highlighted by Google’s Project Zero team, and what you can do to ward off the threat of attack.…
Month: March 2023
NCSC launches cyber check-up tools for SMEs
The UK’s National Cyber Security Centre (NCSC) is today launching two new services pitched at the country’s 5.5 million small businesses, a third of which…
Exploiting SSL Vulnerabilities in Mobile Apps – allysonomalley.com
This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can…
Ferrari discloses data breach after receiving ransom demand
Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company’s IT systems. “We regret to…
Windows 11 bug warns Local Security Authority protection is off
Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority (LSA) Protection has been disabled even though it shows as being toggled…
Access to remapped root allows privilege escalation to real root · Advisory · moby/moby · GitHub
Impact When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that…
Hackers target .NET developers with malicious NuGet packages
Threat actors are targeting and infecting .NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting. Three of…
File-sharing site Zippyshare shutting down after 17 years
File-sharing site Zippyshare has announced they are shutting down the site by the end of March 2023 after announcing they can no longer afford to…
Threat Actors Using Go-based HinataBot to launch DDoS Attacks
The botnet is based on the Mirai botnet, and since it is actively updated, the new versions have additional features like functional improvements and anti-analysis.…
Amazon CEO Andy Jassy confirms 9,000 further job cuts across AWS, Twitch and its advertising arm
Amazon CEO Andy Jassy has confirmed that its cloud division will be affected by its next round of job cuts, with 9,000 employees across several…
VMware NSX Manager Vulnerabilities being actively exploited
The Wallarm Detect team has found exploit attempts in the wild of CVE-2022-31678 and CVE-2021-39144. The original vulnerabilities were found in VMware NSX Manager at…
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and…