Unauthorized attackers were able to access backups thanks to serious security flaws in Fujitsu’s cloud storage infrastructure. The flaw specifically affected the FUJITSU ETERNUS CS8000 Control Center, which was fortunately patched after the bug was reported. As a result, users…
Latest posts - Page 55
Apple M1 CPUs have a new flaw that can’t be patched, according to MIT researchers
A new hardware attack known as PACMAN has been shown against Apple’s M1 processor chipsets, potentially allowing a destructive actor to get arbitrary code execution on macOS machines. In a new study, MIT scientists Joseph Ravichandran, Weon Taek Na, Jay…
Vulnerabilities plaguing Mitel IP phones
Cybersecurity researchers have shared details of two medium-security vulnerabilities in Mitel 6800/6900 desk phones, and if the vulnerabilities are successfully exploited, the attackers can get root privileges on the devices. The flaws were called CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8);…
AvosLocker and Cerber2021 ransomware were installed on Confluence servers
For first access to corporate networks, ransomware gangs are now targeting a newly patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances. This OGNL injection vulnerability (CVE-2022-26134) allows unauthenticated attackers to remotely…
Researchers identify flaws in Carrier’s Industrial Access Control System
At least 8 vulnerabilities have been discovered in Carrier’s LenelS2 HID Mercury access control system; The system is prevalent in healthcare, education, transportation and government sector. “The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock…
A large-scale Facebook accounts phishing attack was uncovered by PIXM
As phishing attempts continue to be a popular target for cybercriminals, one scam discovered that a user had acquired a million Facebook account credentials in just four months. Anti-phishing firm PIXM discovered that a fake Facebook login gateway was being…
Onapsis Research Labs has discovered three actively exploited SAP vulnerabilities
The Onapsis Research Labs keep a close eye on the changing threat landscape in order to better understand how commercial software like SAP and Oracle are being targeted. Our in-depth analysis enables the Onapsis Research Labs to uncover new threats,…
Infected CCleaner search results propagate malware that steals personal information
Through search results for a pirated edition of the CCleaner Pro Windows optimization tool, malware that steals your passwords, credit cards, and crypto wallets is being marketed. This new malware distribution effort, called “FakeCrack,” was uncovered by Avast analysts, who…
Emotnet stealing credit card data from Google Chrome
The infamous Emotnet malware has been deploying a new module to steal credit card information stored in the Chrome web browser. The credit card stealer, which only targets Chrome, can exfiltrate the collected information to different remote command-and-control (C2) servers,…
U.S agencies alerts of Chinese attackers targeting Telecoms and Network service providers
U.S cybersecurity and intelligence agencies have cautioned about Chinese-state-sponsored cyber actors exploiting network vulnerabilities to public and private sector organizations since at least 2020. The prevalent intrusion campaigns exploit publicly known flaws in network devices like Small Office/Home Office (SOHO)…