Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware
Mozilla issued a warning this week over malicious websites offering Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. Cybersecurity…
Category: SecurityWeek
New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks
Server and computer hardware giant Supermicro has released updates to address multiple vulnerabilities in Baseboard Management Controllers (BMC) IPMI firmware. The issues (tracked as CVE-2023-40284…
Lyca Mobile Services Significantly Disrupted by Cyberattack
International mobile virtual network operator Lyca Mobile has confirmed that its services were significantly disrupted in recent days due to a cyberattack that may have…
Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions
Major Linux distributions such as Debian, Fedora, and Ubuntu are affected by a GNU C Library (glibc) vulnerability that could provide an attacker with full…
Google, Yahoo Boosting Email Spam Protections
Google and Yahoo on Tuesday announced a series of new requirements meant to improve email phishing and spam protections for their users. Starting with the…
Qualcomm Patches 3 Zero-Days Reported by Google
US chip giant Qualcomm this week announced patches for more than two dozen vulnerabilities found in its products, including three zero-days reported to the company…
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024. Something new…
Synqly Joins Race to Fix Security, Infrastructure Product Integrations
Synqly, a Silicon Valley startup with ambitious plans to fix the way security and infrastructure products are integrated, announced its debut Tuesday with an early…
Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
A series of critical vulnerabilities impacting a tool called TorchServe could allow threat actors to take complete control of servers that are part of the…
Companies Address Impact of Exploited Libwebp Vulnerability
Companies have been releasing advisories addressing the impact of an actively exploited Libwebp vulnerability tracked as CVE-2023-4863 and CVE-2023-5129 on their products. The two CVEs…
Dozens of Malicious NPM Packages Steal User, System Data
Fortinet’s security researchers have identified multiple malicious NPM packages containing obfuscated scripts designed to harvest a trove of information from victims’ systems. On Monday, Fortinet…
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns.…