Customers of QNAP have been informed today that certain Network Attached Storage (NAS) devices (with non-default configurations) are susceptible to attacks that would take advantage of a serious, three-year-old PHP bug that permits remote code execution. “Versions of PHP 7.1.x…
Mega’s encryption system has been found to have serious weaknesses that allow services to view your data. Mega, a cloud storage service with 250 million registered users and 120 billion files stored across 1,000 petabytes of storage, was launched ten…
The infamous Israeli surveillance ware vendor NSO Group accepted that five countries used its Pegasus tool. The acceptance was in response to a question asked by European Union lawmakers. “We’re trying to do the right thing and that’s more than…
According to a security researcher, flaws in the online interface of Jacuzzi’s SmartTub app could have allowed an attacker to view and perhaps change personal data of hot tub owners. SmartTub also has a module that sits inside hot tubs…
We recently noticed a month-long AvosLocker promotion during a client engagement. Cobalt Strike, Sliver, and various commercial network scanners were among the tools used by the attackers. Two VMWare Horizon Unified Access Gateways that were vulnerable to Log4Shell served as…
A Magecart skimming campaign, recently discovered, was traced back to an earlier attack in November 2021. Two malware domains have been tracked for hosting credit card skimmer code in the light of the Magecart campaign. It appears these domains are…
Flagstar Bank is informing 1.5 million customers of a data breach wherein hackers acquired data. The cyberattack happened in December last year. Flagstar, a Michigan-based financial services provider and one of the largest banks in the United States, has total…
The threat actor responsible for the BRATA banking trojan has refined their tactics and enhanced the malware with data-stealing capabilities. Cleafy, an Italian mobile security company, has been tracking BRATA activity and has noticed changes in the most recent campaigns…
Learn about the emerging threats to SaaS security and how different firms are addressing them. In partnership with CSA, the 2022 SaaS Security Survey Report explores the state of SaaS security as seen by CISOs and security professionals in today’s…
WordPress websites using a popular plugin named Ninha Forums have been automatically updated to fix a critical flaw, and the flaw has been widely exploited in the wild. The problem comes from code injection and is rated 9.8 out of…
