Cybersecurity
Category Added in a WPeMatico Campaign
The vulnerabilities, collectively known as “ShellTorch,” have been patched in the latest version of TorchServe (0.8.2), hence, developers are encouraged to update to ensure their systems are secure.
LightSpy, a malware deployed in a 2020 watering hole attack against iOS users, has been found to be embedded with a set of 14 plugins that are responsible for private data exfiltration. Researchers have attributed the malware to the Chinese state-sponsored APT41 group, which previously had used DragonEgg and WyrmSpy spyware to target Android users. […]
Oct 04, 2023THNEndpoint Security / Vulnerability A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library’s ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a […]
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
Experts Discover Multiple Malicious npm Packages | Cyware Alerts – Hacker News The world of open-source software offers countless benefits to developers worldwide. However, with opportunities also come risks. The FortiGuard Labs team recently uncovered numerous malicious packages within npm, the most extensive software registry for JavaScript. This article delves deep into these packages, unveiling […]
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
The vulnerabilities are caused by heap buffer overflow weaknesses in open-source libraries used by the products, and they can lead to crashes or arbitrary code execution.
Oct 03, 2023THNArtificial Intelligence / Cyber Threat Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. “These vulnerabilities […] […]
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns. Headquartered in the US, Indeed is a popular worldwide job search platform, which claims to have more than 350 million unique visitors each month, and more than 14,000 employees globally. […]