SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as CVE-2021-20019 (CVSS scoreSource...

Continuar lendo

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential forSource...

Continuar lendo

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers fromSource...

Continuar lendo

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. <!--adsense--> Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series,Source...

Continuar lendo

5 Critical Steps to Recover From a Ransomware Attack

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting theirSource...

Continuar lendo

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps

A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection bySource...

Continuar lendo

Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature

A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name "%p%s%s%s%s%n" even after rebooting the phone or changingSource...

Continuar lendo

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "Source...

Continuar lendo

North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute

South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89Source...

Continuar lendo

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN andSource...

Continuar lendo