A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
On cybercrime forums, user complaints about being duped may accidentally expose their real identities.
Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.
Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.
Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.
Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.
A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.
Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.
Shipping information and order details of thousands of customers worldwide were leaked in September 2020.
Read more at straitstimes.com.
Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.
MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).
Since at least 2017 MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.
APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.
Leaked: The Altrnativ world of cybersurveillance About this series: As co-founder of the French search engine Qwant, Eric Leandri was heralded as a champion of digital privacy and an example of Eur…
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
BMC&C Eclypsium Research has discovered and reported 3 vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products. Server manufacturers…
FortiGuardLabs examines a botnet known as Zerobot written in the Go language targeting IoT vulnerabilities. Read our blog to learn about how it evolves, including self-replication, attacks for different protocols, and self-propagation as well as its behavior once inside an infected device.
Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.
The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
