-
GitHub rotates keys to mitigate impact of credential-exposing flaw
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.
- January 16, 2024
- 05:19 PM
0
-
PixieFail flaws impact PXE network boot in enterprise systems
A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers.
- January 16, 2024
- 12:19 PM
0
-
Atlassian warns of critical RCE flaw in older Confluence versions
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
- January 16, 2024
- 10:17 AM
- 0
-
GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users.
- January 14, 2024
- 10:32 AM
- 3
-
GitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
- January 12, 2024
- 12:54 PM
- 0
-
Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.
- January 12, 2024
- 10:30 AM
- 0
-
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
- January 11, 2024
- 04:54 PM
- 1
-
CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
- January 09, 2024
- 02:32 PM
- 0
-
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.
- January 09, 2024
- 02:05 PM
- 5
-
Nearly 11 million SSH servers vulnerable to new Terrapin attacks
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
- January 03, 2024
- 10:06 AM
- 0
-
CISA warns of actively exploited bugs in Chrome and Excel parsing library
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel.
- January 03, 2024
- 07:55 AM
- 0
-
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.
- December 28, 2023
- 11:20 AM
- 0
-
iPhone Triangulation attack abused undocumented hardware feature
The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.
- December 27, 2023
- 09:14 AM
- 1
-
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
- December 20, 2023
- 04:52 PM
- 1
-
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.
- December 19, 2023
- 12:03 PM
- 0
-
Microsoft discovers critical RCE flaw in Perforce Helix Core Server
Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors.
- December 18, 2023
- 03:49 PM
- 0
-
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm.
- December 16, 2023
- 11:17 AM
- 0
-
CISA urges tech manufacturers to stop using default passwords
Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords.
- December 15, 2023
- 02:01 PM
- 1
-
Sponsored Content
Protect your Active Directory from these Password-based Vulnerabilities
To safeguard against potential cyberattacks and outages, it is essential to be vigilant against common Active Directory attacks, Learn more from Specops Software about these attacks and how harden your defenses.
- December 14, 2023
- 10:02 AM
- 0
-
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
- December 13, 2023
- 11:19 AM
- 1
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 9.0.3.0106,396 Downloads
-
Version: 18.0.7.562,878 Downloads
-
Version: 8.4.0.056M+ Downloads
-
Version: 5.1.25M+ Downloads
-
Version: 4.14.12M+ Downloads
