Tag Archives: Vulnerability
New UEFI Bootkit called MoonBounce
Researchers have discovered a sophisticated new type of malware that targets UEFI and its called MoonBounce. The Bootkit or also known as rootkit malware is suspected to be associated with (advanced persistent threat 41). APT41 is a group of hackers who have been robbing businesses for many years. Researchers at Kaspersky Labs discovered a new…
Microsoft Warns Log4j Flaw Attacks Remain High
Microsoft has warned that Windows and Azure customers should be on high alert after spotting state-sponsored and cyber-criminal hackers probing systems for a flaw in the Log4j. Microsoft says it spotted attackers using the Log4j flaw through December. The Apache open source project disclosed on December 9 and will likely take a long time to…
Windows Zero-Day Allows Privileged File Access
A Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, but there is a way to protect yourself. A micropatch has been rolled out as a stop-gap measure. Security researcher Abdelhamid Naceri reported a bug in Microsoft’s…
Hashthemes Demo Importer WordPress Plugin Vulnerability
The Hashthemes Demo Importer and is found in more than 8,000 blogs, according to researchers at Wordfence. It’s a high-severity security flaw. This WordPress plugin is designed to import demo content from HashThemes.com. However, it’s possible for subscribers to use the demo importer as a tool to wipe out content on any WordPress site. The…
Apple users to update immediately. Apple Zero-Click Exploit
The Citizen Lab has discovered a zero-click zero-day flaw in all Apple products. The new zero-day flaw is called ForcedEntry, and it affects iPhones, iPads, Macs, Apple Watches, and even AirPods. Citizen Lab urges all Apple users to update their devices immediately. Apple released a Security update on Monday. The iOS 14.8 for iPhones and…
Microsoft Office 0-day Vulnerability
On Tuesday, Microsoft revealed an alarming vulnerability in Internet Explorer, a bug that is being used to harm Windows users. The attack is enabled by a weaponized Office file and works like this: A victim receives an email with a link to a Word document inside. It is very important that you do not click…
WhatsApp Photo Filter Security Flaw
Users should be careful about the pictures they view on WhatsApp. If a user receives a picture from a malicious third party, the picture could be edited in such a way that the app could read sensitive data from the memory of the app. In addition, users should update their apps to get the latest…
Vulnerability in Cisco Small Business Switches
Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches. These vulnerabilities were discovered to impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled which the…
SSL VPN Attacks Up Nearly 2000%
A recent report published by Nuspire outlined what activity cyber criminals have been up to. SSL VPN attacks have gone up nearly 2000%. Increase in VPN attacks In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat…
Polkit vulnerability provides local privilege escalation bypass
Many of the Linux distros are vulnerable to the Polkit exploit. This vulnerability provides a local privilege escalation bypass. A hacker can easily obtain root access with this vulnerability. The vulnerability was recently discovered by GitHub Security Lab security researcher Kevin Backhouse. The vulnerability CVE-2021-3560 was publicly disclosed, and a fix was released on June 3, 2021. Make sure…
Loading ...