F5, a cloud security and application delivery network (ADN) provider, released updates on Wednesday to fix 43 problems across its products. One issue is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated Low in…
A pre-authenticated remote code execution flaw has been revealed in dotCMS, an open-source content management system written in Java and “used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses.” The…
Proofpoint has identified a new malware loader known as Bumblebee. At least three different threat clusters tied to ransomware operations employ the loader. More details Bumblebee was most likely created by the Conti gang to replace the BazarLoader backdoor (aka…
Cybersecurity researchers have uncovered an unpatched flaw that could be a potential threat to IoT products. The flaw, originally reported in September 2021, plagues the Domain Name System (DNS) implementation of two well-known C libraries called uClibc and uClibc-ng that…
Google has rolled out the first developer preview for the Android 13 privacy sandbox. You can get an “early look” into the SDK Runtime and Topics API to fortify users’ privacy online. “The Privacy Sandbox on Android Developer Preview program…
Amid escalating tensions between Russia and the United States, the legendary REvil ransomware operation has resurfaced, armed with new infrastructure and a tweaked encryptor that allows for more targeted attacks. The REvil ransomware group was shut down in October when…
CERT-In, India’s computer and emergency response organisation, released new guidelines on Thursday that service providers, intermediaries, data centres, and government institutions should disclose cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data centre, body corporate, and…
On Thursday, Microsoft said it had patched a pair of flaws with the Azure Database for PostgreSQL Flexible Server that can lead to unauthorised cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server…
Instead of encrypting files larger than 2MB, a new Onyx ransomware operation is destroying them, preventing them from being decrypted even if a ransom is paid. MalwareHunterTeam, a security research firm, found Onyx, a new ransomware operation, last week. Onyx…
The US Cybersecurity and Infrastructure Security Agency (CISA) has included seven new vulnerabilities to its list of actively exploited security concerns, including Microsoft, Linux, and Jenkins vulnerabilities. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been…
