Cyber Security Informer

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

The Hacker News

APRIL 9, 2024

The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.

Cybersecurity

CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils

Security Boulevard

APRIL 8, 2024

It supports lossless data compression on almost […] The post CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils appeared first on Kratikal Blogs. The post CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils appeared first on Security Boulevard. About XZ Utils XZ Utils is very popular on Linux.

Cyber Attacks

Industrial Control System Malware Discovered

Schneier on Security

APRIL 14, 2022

There’s also no indication of how the malware was discovered. The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. It seems not to have been used yet. More information.

Malware

Malware Government

Infoblox discovers rare Decoy Dog C2 exploit

Tech Republic Security

MAY 2, 2023

Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor. The post Infoblox discovers rare Decoy Dog C2 exploit appeared first on TechRepublic.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

By focusing on SaaS security posture management, your team can finally accomplish the following: Discover both known and unknown SaaS apps. Uncover and mitigate various security risks that put sensitive customer and business data at risk — including identifying misconfigured SaaS settings and suspicious or malicious behavior.

Risk

‘Potentially dangerous’ Office 365 flaw discovered

Tech Republic Security

JUNE 16, 2022

The post ‘Potentially dangerous’ Office 365 flaw discovered appeared first on TechRepublic. Proofpoint says the piece of functionality allows ransomware to encrypt files stored on Microsoft SharePoint and OneDrive.

Encryption

Encryption Ransomware

Google says spyware vendors behind most zero-days it discovers

Bleeping Computer

FEBRUARY 6, 2024

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. [.]

Spyware

Spyware Mobile

Discovering API secrets & endpoints using APKLeaks

Security Boulevard

MARCH 19, 2024

The post Discovering API secrets & endpoints using APKLeaks appeared first on Dana Epp's Blog. The post Discovering API secrets & endpoints using APKLeaks appeared first on Security Boulevard.

Mobile

Mobile Hacking

CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool

Penetration Testing

MARCH 29, 2024

This vulnerability could allow attackers to bypass SSH authentication on certain Linux... The post CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool appeared first on Penetration Testing. A severe backdoor vulnerability (designated CVE-2024-3094) has been unearthed in versions 5.6.0

Penetration Testing

Penetration Testing Authentication

Monetization Monitor: Software Usage Analytics 2020

Advertiser: Revenera

Discovering overuse of software (intentional or unintentional) can reduce revenue leakage, yet nearly half of suppliers are unaware of how much revenue they’re losing to piracy and overuse. They leverage software usage data to understand product usage, unlock new business models and align price with the product’s perceived value.

Software

Twelve-Year-Old Linux Vulnerability Discovered and Patched

Schneier on Security

JANUARY 31, 2022

It was discovered in October, and disclosed last week — after most Linux distributions issued patches. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal

Penetration Testing

APRIL 21, 2024

... The post CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal appeared first on Penetration Testing. Security researcher Jakob Antonsson has uncovered a critical vulnerability (CVE-2024-2796) within the Perforce Akana Community Manager Developer Portal.

Penetration Testing

Penetration Testing Software

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

JUNE 9, 2021

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker.

Malware

Critical Windows Vulnerability Discovered by NSA

Schneier on Security

JANUARY 15, 2020

It was discovered by security researchers. Interestingly, it was discovered by NSA security researchers, and the NSA security advisory gives a lot more information about it than the Microsoft advisory does. According to her, the NSA discovered this vulnerability as part of its security research. (If

Media

Media Government Software Risk

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

Bleeping Computer

DECEMBER 18, 2023

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. [.]

Government

Government Technology

Multi Vulnerabilities Discovered in VeridiumID Authentication Platform – Patch Now

Penetration Testing

APRIL 3, 2024

These vulnerabilities, if left unpatched, could allow attackers to steal sensitive user data, hijack user... The post Multi Vulnerabilities Discovered in VeridiumID Authentication Platform – Patch Now appeared first on Penetration Testing.

Authentication

Authentication Penetration Testing

New SocGholish Infection Chain Discovered

Digital Shadows

FEBRUARY 13, 2024

ReliaQuest has detected a variant of the SocGholish malware that uses Python instead of PowerShell for persistence, signaling an evolution in the TTPs of threat actors utilizing this malware.

Malware

Mac Under Attack: New Rust Backdoor Discovered!

Penetration Testing

FEBRUARY 9, 2024

The deception begins with an imitation of a Visual Studio update, a guise cleverly chosen... The post Mac Under Attack: New Rust Backdoor Discovered! This malware, coded in Rust, boasts unique features. appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Malware

ChatGPT Security: Discovering and Securing AI Tools

Security Boulevard

JUNE 16, 2023

ChatGPT security took center stage in April 2023 when Samsung employees leaked […] The post ChatGPT Security: Discovering and Securing AI Tools first appeared on Banyan Security. The post ChatGPT Security: Discovering and Securing AI Tools appeared first on Security Boulevard.

New Version of Flame Malware Discovered

Schneier on Security

APRIL 12, 2019

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. Seems that Flame did not disappear after it was discovered, as was previously thought. It has recently been linked to more modern malware through new analysis tools that find linkages between different software.

Malware

Malware Software

Spyderbat Tool Can Discover Log4j Vulnerabilities

Security Boulevard

JANUARY 5, 2022

Seth Goldhammer, vice president of product management at Spyderbat, said the command line tool scans a Linux system to discover vulnerable versions of Log4j. The post Spyderbat Tool Can Discover Log4j Vulnerabilities appeared first on Security Boulevard. These are typically harder to find.

Software

Software Malware Cybersecurity

New Linux Botnet Discovered

Heimadal Security

MARCH 16, 2022

The post New Linux Botnet Discovered appeared first on Heimdal Security Blog. The Log4j vulnerability gives threat actors the potential to take control of any Java-based, internet-facing server and launch Remote Code Execution (RCE) attacks. What Happened? A newly found botnet that […].

Internet

Internet Internet Software Cybersecurity

CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package – Passwords at Risk

Penetration Testing

MARCH 27, 2024

This package is a cornerstone of Linux operating systems, providing tools for fundamental tasks like managing... The post CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package – Passwords at Risk appeared first on Penetration Testing.

Passwords

Passwords Penetration Testing Risk

Researcher discovered a new lock screen bypass bug for Android 14 and 13

Security Affairs

DECEMBER 10, 2023

Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13.

Accountability

Accountability Hacking Mobile Information Security

USENIX Security ’23 – PatchVerif: Discovering Faulty Patches in Robotic Vehicles

Security Boulevard

APRIL 12, 2024

Berkay Celik, Antonio Bianchi, Dongyan Xu* Permalink The post USENIX Security ’23 – PatchVerif: Discovering Faulty Patches in Robotic Vehicles appeared first on Security Boulevard. Authors/Presenters: *Hyungsub Kim, Muslum Ozgur Ozmen, Z.

Discover the Consequences of a Data Breach

Security Boulevard

JANUARY 8, 2024

When personal information is discovered, it presents enormous issues to individuals and businesses. Hackers can exploit vulnerabilities offline or online, accessing you via the internet, […] The post Discover the Consequences of a Data Breach appeared first on Kratikal Blogs.

Data breaches

Data breaches Internet Internet Data privacy

USENIX Security ’23 – Discovering Adversarial Driving Maneuvers against Autonomous Vehicles

Security Boulevard

APRIL 10, 2024

Berkay Celik, Antonio Bianchi The post USENIX Security ’23 – Discovering Adversarial Driving Maneuvers against Autonomous Vehicles appeared first on Security Boulevard. Authors/Presenters: *Ruoyu Song, Muslum Ozgur Ozmen, Hyungsub Kim, Raymond Muller, Z.

Network Security

CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz

Penetration Testing

DECEMBER 4, 2023

Recently, a critical vulnerability, designated as CVE-2023-49070, has been discovered in Apache... The post CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

Cycode Discovers a Supply Chain Vulnerability in Bazel

Security Boulevard

FEBRUARY 1, 2024

Executive Summary The Cycode Research Team discovered a software supply chain vulnerability in one of Google’s open source flagship products, Bazel. Read more The post Cycode Discovers a Supply Chain Vulnerability in Bazel appeared first on Cycode. This vulnerability directly impacts the software supply.

Software

Google Discovers Massive iPhone Hack

Adam Levin

AUGUST 31, 2019

Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. The hacking campaign was active for at least two years before it was discovered by Project Zero.

Hacking

Hacking Accountability Malware Passwords

This Week in Malware – Over 50 Packages Discovered

Security Boulevard

OCTOBER 14, 2022

This week in malware, we discovered and analyzed nearly five dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries. The post This Week in Malware – Over 50 Packages Discovered appeared first on Security Boulevard.

Malware

TrickGate crypter discovered after 6 years of infections

Tech Republic Security

FEBRUARY 6, 2023

The post TrickGate crypter discovered after 6 years of infections appeared first on TechRepublic. New research from Check Point Research exposes a crypter that stayed undetected for six years and is responsible for several major malware infections around the globe.

Malware

Malware Cybersecurity

New Korplug Variant Discovered

Heimadal Security

MARCH 28, 2022

The post New Korplug Variant Discovered appeared first on Heimdal Security Blog. The Korplug RAT (also known as PlugX) is a spyware that has previously been associated with Chinese APT organizations and has been linked to targeted assaults on significant institutions in a number of different countries.

Spyware

Spyware Cybersecurity

Critical Vulnerabilities Discovered in Ivanti Connect Secure and Policy Secure

Penetration Testing

APRIL 3, 2024

These vulnerabilities, if left unpatched, could allow unauthenticated attackers to take down vital... The post Critical Vulnerabilities Discovered in Ivanti Connect Secure and Policy Secure appeared first on Penetration Testing.

Penetration Testing

Permiso Discovers Smishing Attack to Steal AWS Credentials

Security Boulevard

APRIL 14, 2023

The post Permiso Discovers Smishing Attack to Steal AWS Credentials appeared first on Security Boulevard. Nathan Eades, a threat researcher for Permiso, said cybercriminals are leveraging Simple Notification Service (SNS) to.

Social Engineering

Social Engineering Engineering Mobile Cybersecurity

New Phishing Method Discovered

Heimadal Security

FEBRUARY 23, 2022

The post New Phishing Method Discovered appeared first on Heimdal Security Blog. The attackers pose as reputable in order to trick the victims into putting their faith in them and disclosing their personal information. The information collected via phishing may be utilized for a […].

Phishing

Phishing Cyber Attacks Passwords Cybersecurity

Hello Authentication Vulnerabilities Discovered: Stay Safe

Security Boulevard

DECEMBER 5, 2023

Conducted by researchers at Blackwing Intelligence, a firm specializing in hardware and software product […] The post Hello Authentication Vulnerabilities Discovered: Stay Safe appeared first on TuxCare. The post Hello Authentication Vulnerabilities Discovered: Stay Safe appeared first on Security Boulevard.

Authentication

Authentication Software Cybersecurity Risk

CaddyWiper: New wiper malware discovered in Ukraine

We Live Security

MARCH 14, 2022

The post CaddyWiper: New wiper malware discovered in Ukraine appeared first on WeLiveSecurity. This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations.

Malware

iShutdown lightweight method allows to discover spyware infections on iPhones

Security Affairs

JANUARY 17, 2024

The method allow to discover stealthy and poweful surveillance software like NSO Group ‘s Pegasus , Intellexa ‘s Predator , QuaDream ‘s Reign. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices.

Spyware

Spyware Mobile Malware Surveillance

New Ransomware Strain Discovered: Big Head

Heimadal Security

JULY 10, 2023

Although the variants may differ, they originate from the same threat actor, and this ransomware is still a work in progress, aiming to optimize […] The post New Ransomware Strain Discovered: Big Head appeared first on Heimdal Security Blog.

Ransomware

Ransomware Malware Cybersecurity

Ditch the Passwords: Discover the Magic of WebAuthn and Passkeys

Security Boulevard

JANUARY 8, 2024

Discover the future of secure and innovative authentication with WebAuthn. The post Ditch the Passwords: Discover the Magic of WebAuthn and Passkeys appeared first on Security Boulevard. Say goodbye to passwords and hello to passwordless auth and passkeys.

Passwords

Passwords Authentication

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

The Hacker News

AUGUST 2, 2023

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0)

Mobile

Mobile Software Cybersecurity

Patch Alert! Critical Command Injection Flaw Discovered in NAS Devices

Heimadal Security

JUNE 21, 2023

Zyxel announced patches are available and should be applied immediately for the newly discovered vulnerability CVE-2023-27992. Critical Command Injection Flaw Discovered in NAS Devices appeared first on Heimdal Security Blog. More about CVE-2023-27992 According to the Common Vulnerability Scoring System (CVSS), the flaw was marked 9.8,

Authentication

Authentication Cybersecurity

Attackers can discover IP address by sending a link over the Skype mobile app

Security Affairs

AUGUST 28, 2023

A security researcher demonstrated how to discover a target’s IP address by sending a link over the Skype mobile app. The security researcher Yossi discovered that is possible to discover a target’s IP address by sending a link over the Skype mobile app. The problem only impacts the Skype mobile app.

Mobile

Mobile Media VPN Risk

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils

Trending Sources

Industrial Control System Malware Discovered

Infoblox discovers rare Decoy Dog C2 exploit

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

‘Potentially dangerous’ Office 365 flaw discovered

Google says spyware vendors behind most zero-days it discovers

Discovering API secrets & endpoints using APKLeaks

CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool

Monetization Monitor: Software Usage Analytics 2020

Twelve-Year-Old Linux Vulnerability Discovered and Patched

CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Critical Windows Vulnerability Discovered by NSA

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

Multi Vulnerabilities Discovered in VeridiumID Authentication Platform – Patch Now

New SocGholish Infection Chain Discovered

Mac Under Attack: New Rust Backdoor Discovered!

ChatGPT Security: Discovering and Securing AI Tools

New Version of Flame Malware Discovered

Spyderbat Tool Can Discover Log4j Vulnerabilities

New Linux Botnet Discovered

CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package – Passwords at Risk

Researcher discovered a new lock screen bypass bug for Android 14 and 13

USENIX Security ’23 – PatchVerif: Discovering Faulty Patches in Robotic Vehicles

Discover the Consequences of a Data Breach

USENIX Security ’23 – Discovering Adversarial Driving Maneuvers against Autonomous Vehicles

CVE-2023-49070: Critical Pre-auth RCE Vulnerability Discovered in Apache OFBiz

Cycode Discovers a Supply Chain Vulnerability in Bazel

Google Discovers Massive iPhone Hack

This Week in Malware – Over 50 Packages Discovered

TrickGate crypter discovered after 6 years of infections

New Korplug Variant Discovered

Critical Vulnerabilities Discovered in Ivanti Connect Secure and Policy Secure

Permiso Discovers Smishing Attack to Steal AWS Credentials

New Phishing Method Discovered

Hello Authentication Vulnerabilities Discovered: Stay Safe

CaddyWiper: New wiper malware discovered in Ukraine

iShutdown lightweight method allows to discover spyware infections on iPhones

New Ransomware Strain Discovered: Big Head

Ditch the Passwords: Discover the Magic of WebAuthn and Passkeys

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Patch Alert! Critical Command Injection Flaw Discovered in NAS Devices

Attackers can discover IP address by sending a link over the Skype mobile app

Stay Connected