Cybersecurity
Category Added in a WPeMatico Campaign
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat […]
The vulnerabilities are caused by heap buffer overflow weaknesses in open-source libraries used by the products, and they can lead to crashes or arbitrary code execution.
Oct 03, 2023THNArtificial Intelligence / Cyber Threat Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. “These vulnerabilities […] […]
A recent phishing campaign targeting executives in senior roles has been exploiting an open redirection vulnerability in the Indeed website, cybersecurity firm Menlo Security warns. Headquartered in the US, Indeed is a popular worldwide job search platform, which claims to have more than 350 million unique visitors each month, and more than 14,000 employees globally. […]
The notorious Lorenz ransomware group has claimed Allcare Pharmacy cyber attack. The data breach was announced by the threat actor itself on their dark web forum, adding yet another victim to its growing roster. The Allcare Pharmacy cyber attack has casted a shadow over the security of confidential information entrusted to the pharmacy. Allcare Pharmacy, […]
A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by hackers, according to both government officials and cybersecurity experts. The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 — a vulnerability affecting Google’s Chrome […]
Oct 03, 2023THNSoftware Security / Hacking Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated JavaScript file that’s […]
I. Abstract In September 2023, NSFOCUS global threat hunting system monitored several new botnet variant families developed based on Mirai, among which hailBot, kiraiBot and catDDoS are the most active, are accelerating their spread, and are widely deployed, which has constituted a considerable threat. Through this article, we will disclose the technical details of these […]
Google on Monday announced the release of patches for 51 vulnerabilities as part of the October 2023 security updates for Android, including fixes for two zero-day flaws exploited in malicious attacks. The first of the exploited issues is CVE-2023-4863 (CVSS score of 8.8), a heap buffer overflow in the Libwebp library that leads to an […]