US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency added the recently disclosed remote code execution bug, tracked as CVE-2022-30525, affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts recommend also private organizations review the Catalog and...
More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. “Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants,” Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a new report. “Since its discovery, the spyware has continuously beleaguered Google Play.” Facestealer, first documented by Doctor Web in July 2021, refers to a group of fraudulent apps that invade the official app marketplace for Android with the...
HACKER Group Killnet have announced global cyber attacks against a number of countries – including the UK – for standing up to Vladimir Putin’s war in Ukraine. The other countries being targeted by the Russia-linked group are the US, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland and Ukraine. The hacktivists claimed to have disrupted the infrastructure of Italy’s State Police anti-cyber crime arm after it thwarted hacking attempts on the Eurovision Song Contest. Hackers from the Killnet group announced in the early hours of Monday morning that claims made...
The company’s transactional platforms were unavailable for a week following the incident in February. Brazilian e-commerce conglomerate Americanas.com reported a multimillion-dollar loss in sales in its financial results on Friday after a major cyberattack earlier this year. The company lost 923 million Brazilian reais ($183 million) in sales after two attacks that took place between February 19 and 20 and rendered its e-commerce operation unavailable. According to the company, physical stores continued to operate and the logistics arm of the company continued to deliver orders placed after the event....
SentinelOne disclosed two high-severity vulnerabilities – tracked as CVE-2022-26522 and CVE-2022-26523 – that went undiscovered for years and affect the “Anti Rootkit” driver in security products from Avast and AVG. The two anti-virus companies joined forces in 2016 when Avast bought AVG for about $1.3 billion. NortonLifeLock announced in 2021 that it reached an agreement to merge with the Czech antivirus maker in a stock-based deal that could be worth between $8.1 billion to $8.6 billion. On December 20, SentinelOne notified Avast of the two vulnerabilities that could lead to privilege escalation “by running code in the...
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. “A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device,” the company said in an advisory published Thursday. Cybersecurity firm Rapid7, which discovered and reported the flaw on April 13, 2022, said that the weakness could permit a remote unauthenticated adversary to execute code as the “nobody” user on...
Codenotary announced the addition of the free background vulnerability scanning service combined with a free and open source Community Attestation Service (CAS) code signing and attestation service to further secure open source supply chains. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. The addition of a free vulnerability service to CAS allows cloud native and open source projects to better secure their projects. This additional service scans assets (based on the hashes uploaded) for any known...
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. “Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory published on May 6, 2022. RubyGems, like npm for JavaScript and pip for Python, is a package manager and a gem hosting service for the Ruby...
Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388, affecting F5 BIG-IP. Last week security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its products. The company addressed a total of 43 vulnerabilities, the most severe one is a critical issue tracked as CVE-2022-1388 (CVSS score of 9.8). An unauthenticated attacker with network access to the BIG-IP system through the management...
Hacktivists yesterday defaced the Russian TV with pro-Ukraine messages and took down the RuTube video streaming site Hacktivists and white hat hackers continue to support Ukraine against the Russian invasion, in a recent attack, they defaced Russian TV with anti-war messages and took down the RuTube video streaming site. The attack took place during Russia’s Victory Day, Russians attempting to view the parade were displayed Pro-Ukraine messages due to a cyber attack that impacted the Russian TV listings systems. According to the BBC, the coordinated attack affected major Russian...
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.