A new phishing campaign using SVCReady, a known malware, has been observed. “The malware is notable for the unusual way it is delivered to…
Vulnerabilities
Microsoft Office flaw identified by researchers
A zero-day flaw in Microsoft Office has caught the attention of cybersecurity researchers; the flaw can be exploited to execute arbitrary code in affected…
Zyxel rolls out patches for critical firewall OS command injection vulnerability
Zyxel has patched a serious flaw plaguing Zyxel firewall devices, which allows unauthenticated and remote attackers to execute code arbitrarily. “A command injection vulnerability…
RedLine Stealer infecting computers as part of New Rig Exploit Kit campaign
Attackers are planting RedLine Stealer trojan using an exploit kit. The attackers are taking advantage of an Internet Explorer flaw which was fixed by…
Cryptocurrency miners have Dockers, AWS and Alibaba cloud in their crosshair
LemonDuck, a cross-platform cryptocurrency mining botnet, is attacking Docker to steal cryptocurrency on Linux systems. The attacks form part of a bigger malware campaign.…
Elementor, a WordPress website builder plugin, plagued with a vulnerability
Elementor, a WordPress website builder plugin that has more than five million active installations, has a vulnerability that can lead to authenticated remote code…
SQL injection protection in ImpressCMS could be evaded to execute RCE
Vulnerabilities found in ImpressCMS can allow an unauthorised attacker to circumvent the software’s SQL injection safeguards to execute codes remotely or Remote code execution…
iPhone feature being used in “CryptoRom” scam
Social engineering attacks have been using romantic traps and cryptocurrency tricks to lure victims into installing duplicate apps. These attacks use legitimate iOS features…
Attackers can get out of Kubernetes containers because of a vulnerability in CRI-O engine
Attackers can exploit a previously unknown security vulnerability in the Kubernetes container engine CRI-O labelled cr8escape. The attacker can exploit the vulnerability to escape…
Several flaws detected in the ClickHouse OLAP database system
Researchers have found seven new security vulnerabilities in an open-source database management system solution called ClickHouse. The vulnerabilities could be exploited to strike the…