Attackers can exploit a previously unknown security vulnerability in the Kubernetes container engine CRI-O labelled cr8escape. The attacker can exploit the vulnerability to escape the container and get root access to the host. “Invocation of CVE-2022-0811 can allow an attacker…
Latest posts - Page 68
Watch Out! Threat actors are spreading the BazarLoader malware via website contact forms
Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms rather than typical phishing emails to evade detection by security software. The backdoor malware is developed by the TrickBot group and has been…
Attackers Crash Remote Servers with New Infinite Loop Bug in OpenSSL
The maintainers of OpenSSL have dispatched patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a…
Several flaws detected in the ClickHouse OLAP database system
Researchers have found seven new security vulnerabilities in an open-source database management system solution called ClickHouse. The vulnerabilities could be exploited to strike the servers, leak memory contents, and execute arbitrary code. “The vulnerabilities require authentication, but can be triggered…
Software development and in-security go together
Checkmarx rolled out its UK report; the report states around 45% of organisations had to put up with at least two security breaches because of a vulnerable application. Further, 34% of the organisations that had a cybersecurity breach relating to…
Emotet Trojan resurrected, and it’s causing havoc
The Emotet trojan, one of the most infamous malware campaigns, has been rekindled and is causing more damage than ever. In January 2021, law enforcement authorities globally had curbed the trojan’s operations by pulverising its C2 infrastructure. What appeared as the end…
New Security Vulnerability Affects Thousands of GitLab Instances
Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of…
Hackers Who Broke Into NVIDIA’s Network Leaked DLSS Source Code Online
NVIDIA, an American chipmaking company, on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling…
Cybersecurity Bill to Strengthen Critical Infrastructure Security Passed by the Senate of the United States
The U.S. Senate unanimously passed the “Strengthening American Cybersecurity Act” on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident…
The TeaBot Trojan Again Haunts the Google Play Store
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. The TeaBot banking trojan – also known as Anatsa – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept…