exploits

Blog
digitpatrox3 weeks ago
29

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

The recently uncovered ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware. This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned about its potential to be used in actual attacks. Bootkitty and LogoFAIL connection Bootkitty was discovered by ESET, who published a report last…
Read More »
Blog
digitpatroxNovember 15, 2024
39

Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piort Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute arbitrary system commands…
Read More »
Blog
digitpatroxAugust 31, 2024
93

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. The activity was discovered by Google’s Threat Analysis Group (TAG), who said the n-day flaws have already been patched but remain effective on devices that have not been…
Read More »
Blog
digitpatroxAugust 29, 2024
104

Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

Image: Midjourney The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. The flaw, discovered by Akamai’s Aline Eliovich, is tracked as CVE-2024-7029 and is a high-severity (CVSS v4 score: 8.7) issue in the “brightness” function of the cameras,…
Read More »
Blog
digitpatroxAugust 20, 2024
102

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns

Security researchers have issued a warning over a phishing tool that threat actors can use via SaaS providers to send spam messages en-masse. The tool, dubbed ‘Xeon Sender’ by SentinelLabs, is a cloud-based attack tool that can send spam messages via nine different SaaS providers. The tool is also known by alternative names, including ‘XeonV5’ and ‘SVG Sender’. It’s built…
Read More »

exploits

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

Botnet exploits GeoVision zero-day to install Mirai malware

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns

TCL’s new AI short films range from bad comedy to existential horror

How to Get the Crystalized Rod in Fisch Roblox

My Favorite Amazon Deal of the Day: The Sony WH-1000XM5 Headphones

Automatic emergency braking is getting better at preventing crashes

How to Download Free VMware Workstation Pro 17 and VMware Fusion 13 Pro Installer from Broadcom

Genshin Impact & HSR Are Gifting 1000 Free Primogems and Stellar Jades: Here’s How to Get

I finally got a Steam Deck and I like it even better than my Nintendo Switch — here’s why

Android malware found on Amazon Appstore disguised as health app

ModRetro Chromatic review: an arms dealer’s Game Boy is among the best ever made

How to enable Do Not Track on your web browser for Windows

Best New-Car Deals – Consumer Reports

How to manage a road trip move