Can web browsers protect us, even if it is HTTPS? Maybe yes, but not with the novel BitB attack, which fakes us by a popup SSO window to phish the credentials for Google, Facebook, and Microsoft. Before clicking wily-nily on…
Latest posts - Page 67
Gh0stCringe Targets Weakly Configured Microsoft SQL, MySQL Servers
Researchers have identified that the actors behind the Gh0stCringe remote access trojan are targeting Microsoft SQL and MySQL database servers. Gh0stCringe, which is thought to be active since 2018, is a known variant of Gh0st RAT malware. A recent report…
Dell BIOS bugs impact millions of Inspiron, Vostro, XPS, Alienware systems.
Five new vulnerabilities have been found in Dell BIOS; if the vulnerabilities are successfully exploited, the systems can have codes executed remotely. The Dell vulnerability is another firmware vulnerability recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware…
iPhone feature being used in “CryptoRom” scam
Social engineering attacks have been using romantic traps and cryptocurrency tricks to lure victims into installing duplicate apps. These attacks use legitimate iOS features like TestFlight and Web Clips to get into the system. Sophos, a cybersecurity company, has called…
Attackers can get out of Kubernetes containers because of a vulnerability in CRI-O engine
Attackers can exploit a previously unknown security vulnerability in the Kubernetes container engine CRI-O labelled cr8escape. The attacker can exploit the vulnerability to escape the container and get root access to the host. “Invocation of CVE-2022-0811 can allow an attacker…
Watch Out! Threat actors are spreading the BazarLoader malware via website contact forms
Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms rather than typical phishing emails to evade detection by security software. The backdoor malware is developed by the TrickBot group and has been…
Attackers Crash Remote Servers with New Infinite Loop Bug in OpenSSL
The maintainers of OpenSSL have dispatched patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a…
Several flaws detected in the ClickHouse OLAP database system
Researchers have found seven new security vulnerabilities in an open-source database management system solution called ClickHouse. The vulnerabilities could be exploited to strike the servers, leak memory contents, and execute arbitrary code. “The vulnerabilities require authentication, but can be triggered…
Software development and in-security go together
Checkmarx rolled out its UK report; the report states around 45% of organisations had to put up with at least two security breaches because of a vulnerable application. Further, 34% of the organisations that had a cybersecurity breach relating to…
Emotnet Trojan resurrected, and it’s causing havoc
Emotnet trojan, one of the most infamous malware campaigns, has rekindled and is causing more damage than ever. In January 2021, law enforcement authorities globally had curbed the trojan’s operations by pulverising its C2 infrastructures. What appeared as the end…