Penetration Testing

APRIL 16, 2024

Cybersecurity experts at FortiGuard Labs are sounding the alarm about a wave of attacks targeting a known vulnerability in TP-Link Archer AX21 routers.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Penetration Testing

MARCH 12, 2024

Security researchers Quynh Le and Eng De Sheng from Ensign InfoSecurity Labs have uncovered a major security flaw (CVE-2024-25331) in the popular D-Link DIR-822 router.

Penetration Testing 127

Penetration Testing 127

Schneier on Security

SEPTEMBER 17, 2021

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.

Spyware 301

Spyware 301

Schneier on Security

DECEMBER 20, 2021

Citizen Lab published another report on the spyware used against two Egyptian nationals. According to Citzen Lab: We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Manufacturing 321

Manufacturing Spyware Hacking Internet 321

Schneier on Security

NOVEMBER 12, 2021

The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report. In addition, the zero-day exploit used in this hacking campaign is “identical” to an exploit previously found by cybersecurity research group Pangu Lab, Huntley said.

Hacking 296

Hacking Malware Cybersecurity 296

Security Affairs

MARCH 22, 2024

The researcher Seunghyun Lee ( @0x10n ) of KAIST Hacking Lab used a UAF to achieve remote code execution in the renderer on both Micosoft Edge and Google Chrome. The team from STAR Labs SG demonstrated the first Docker desktop escape at Pwn2Own hacking competition by chaining two vulnerabilities, including a UAF.

Hacking 133

Hacking Information Security 133

Penetration Testing

JANUARY 31, 2024

Recently, Docker faced a significant challenge as Snyk Labs identified four critical security vulnerabilities affecting its container... The post CVE-2024-21626: Docker Confronts Critical Container Escape Threat appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Technology 145

The Hacker News

APRIL 24, 2024

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.

89

89

Schneier on Security

NOVEMBER 30, 2021

This creates a long tail of old products that remain in widespread use, vulnerable to attacks. Intel’s answer to this conundrum was to create a warehouse and laboratory in Costa Rica, where the company already had a research-and-development lab, to store the breadth of its technology and make the devices available for remote testing.

Technology 276

Technology Engineering Software Cybersecurity 276

Security Affairs

APRIL 28, 2024

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems.

VPN 119

VPN Hacking Engineering Information Security 119

Security Affairs

NOVEMBER 20, 2023

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. ” reads the report published by NSFOCUS.

Phishing 139

Phishing Financial Services Cryptocurrency Technology 139

Security Boulevard

DECEMBER 18, 2023

In a recent scrutiny of Sierra wireless routers, Forescout’s Vedere Labs uncovered 21 novel vulnerabilities that, though relatively straightforward to exploit, pose historical challenges for enterprises to rectify. The post Sierra Flaws Cyber Attack: Router Vulnerabilities Unveiled appeared first on Security Boulevard.

Cyber Attacks 62

Cyber Attacks Wireless Internet Internet 62

Penetration Testing

MARCH 19, 2024

Rhino Security Labs published the technical details and proof-of-concept (PoC) exploit for a severe flaw in Progress Kemp LoadMaster load balancers (CVE-2024-1212, CVSS 10).

Penetration Testing 109

Penetration Testing 109

Security Affairs

SEPTEMBER 11, 2023

CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog.

Spyware 119

Spyware Accountability Hacking Risk 119

Security Affairs

MARCH 27, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The Star Labs team demonstrated the vulnerability at the Pwn2Own Vancouver 2023 hacking competition.

Hacking 119

Hacking Authentication Cybersecurity Risk 119

Penetration Testing

APRIL 25, 2024

Researchers at Rhino Security Labs have detailed a critical security flaw in Progress Flowmon, a widely used network monitoring tool.

Penetration Testing 86

Penetration Testing 86

Penetration Testing

JANUARY 11, 2024

The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

MAY 1, 2024

Security researchers at FortiGuard Labs have uncovered a new botnet campaign.

Penetration Testing 82

Penetration Testing DDOS Malware 82

Penetration Testing

JANUARY 18, 2024

Recently, Cado Security Labs researchers have uncovered a striking and innovative campaign that specifically targets vulnerable Docker services.

Penetration Testing 105

Penetration Testing Malware Cyber threats 105

Security Affairs

SEPTEMBER 7, 2023

Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws (CVE-2023-41064 and CVE-2023-41061) fixed by Apple are being used to infect devices with NSO Group ’s Pegasus spyware.

Spyware 117

Spyware Accountability Hacking Mobile 117

Krebs on Security

OCTOBER 10, 2023

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. The latter vulnerability could expose NTLM hashes , which are used for authentication in Windows environments. and iPadOS 17.0.3

Engineering 216

Engineering DDOS Software Authentication 216

Malwarebytes

APRIL 29, 2024

Last week on Malwarebytes Labs: Ring agrees to pay $5.6 Last week on Malwarebytes Labs: Ring agrees to pay $5.6 CrushFTP vulnerability allows data theft and possibly server compromise Patch now! Cactus exploits Qlik Sense to deliver ransomware Stay safe!

Healthcare 67

Healthcare Scams Ransomware 67

Schneier on Security

JULY 12, 2022

Honda vehicles from 2021 to 2022 are vulnerable to this attack : On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles.

Software 320

Software Cybersecurity 320

Penetration Testing

FEBRUARY 12, 2024

In the wake of Atlassian’s disclosure of CVE-2023-22527, a critical template injection vulnerability in the Confluence Server and Data Center, Arctic Wolf Labs has uncovered threat actors are leveraging this vulnerability to deploy the... The post C3RB3R Ransomware Strikes Again: Exploiting the Confluence Vulnerability appeared first (..)

Penetration Testing 87

Penetration Testing Ransomware Malware 87

Penetration Testing

JANUARY 18, 2024

In a recent discovery, Varonis Threat Labs has unveiled three new ways that cyber attackers can exploit to access NTLM v2 hashed passwords, putting countless systems and user data at risk.

Passwords 111

Passwords Penetration Testing Cyber Attacks Risk 111

Malwarebytes

JUNE 9, 2022

After a decent amount of pressure, Owl Labs has finally released updates for vulnerabilities in Meeting Owl, and Whiteboard Owl cameras. Owl Labs makes 360-degree video conferencing equipment for classrooms and boardrooms. And these vulnerabilities were not minor. The vulnerabilities. The research.

Authentication 91

Authentication Passwords Software Wireless 91

Security Affairs

SEPTEMBER 13, 2023

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. Firefox ESR 115.2.1,

Spyware 124

Spyware Architecture Engineering Hacking 124

Penetration Testing

DECEMBER 15, 2023

Two vulnerabilities in Microsoft SharePoint Server have recently come under the spotlight, thanks to the detailed work of STAR Labs researcher Nguyễn Tiến Giang (Jang).

Penetration Testing 112

Penetration Testing 112

Penetration Testing

MARCH 28, 2024

SonicWall’s Capture Labs threat research team warns that hackers are actively exploiting a severe security flaw in the popular Progress Kemp Loadmaster application delivery controller.

Penetration Testing 64

Penetration Testing 64

Security Boulevard

APRIL 25, 2024

However, vulnerabilities in OAuth implementations can create significant security risks. Attackers have taken advantage of this by crafting specific OAuth-based attacks with continuing attempts to find additional OAuth vulnerabilities to exploit. Firstly, ChatGPT's plugin installation process was vulnerable.

Threat Detection 62

Threat Detection Accountability Risk Data breaches 62

Penetration Testing

NOVEMBER 3, 2023

Qrator Labs has published a report on DDoS attacks for the third quarter of 2023, which found the financial sector to be the most vulnerable, having been the target of 42.06% of all recorded... The post Qrator Labs’ Q3 Insight: DDoS Attacks Target Finance appeared first on Penetration Testing.

DDOS 85

DDOS Penetration Testing 85

Penetration Testing

MARCH 19, 2024

In the ever-evolving world of cybersecurity, threats emerge in various forms, preying on vulnerabilities within systems and applications.

Malware 88

Malware Penetration Testing Cybersecurity 88

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.

Spyware 112

Spyware Surveillance Mobile Hacking 112

Tech Republic Security

SEPTEMBER 15, 2021

One out of every two on-premises databases has at least one vulnerability, according to a study from Imperva Research Labs.

175

175

Penetration Testing

FEBRUARY 21, 2024

A critical security vulnerability has been exposed in Progress Kemp LoadMaster, leaving your network infrastructure at grave risk.

Penetration Testing 96

Penetration Testing Risk 96

SecureWorld News

SEPTEMBER 13, 2023

Alarming details have emerged about the exploitation of two Zero-Day vulnerabilities to deploy NSO Group's Pegasus commercial spyware on iPhones. These vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061 , were actively abused as part of a zero-click exploit chain, according to security researchers at The Citizen Lab.

Spyware 103

Spyware Government Cybersecurity Backups 103

Bleeping Computer

MAY 18, 2023

LayerZero Labs has launched a bug bounty on the Immunefi platform that offers a maximum reward of $15 million for critical smart contract and blockchain vulnerabilities, a figure that sets a new record in the crypto space. [.]

111

111