vulnerable
-
Blog
Laravel admin package Voyager vulnerable to one-click RCE flaw
Three vulnerabilities discovered in Voyager, an open-source PHP admin package for managing Laravel applications, could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user who clicks a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers…
-
Blog
Apple M-Series Chips Are Vulnerable to Side-Channel Attacks
Security researchers from Georgia Institute of Technology and Ruhr University Bochum discovered two side-channel vulnerabilities in devices with Apple-designed chips from 2021 or later that could expose sensitive information to attackers. The vulnerabilities, known as SLAP and FLOP, can be used to leak credit card information, locations, and other personal data. Data can be gathered from sites like iCloud Calendar, Google Maps,…
-
Blog
NAO warns that UK government doesn’t know how vulnerable its IT systems are
The cyber threat to the UK government is ‘severe and advancing quickly’, the National Audit Office (NAO) has found. It said the government’s new cyber assurance scheme, GovAssure, independently assessed 58 critical departmental IT systems last year and found significant gaps in cyber resilience. Meanwhile, there are at least 228 legacy systems in use – and the government doesn’t know…
-
Blog
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that affect various models of its cellular routers, secure routers, and network security appliances. The two security issues allow remote attackers to gain root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution. Risks on Moxa routers: Moxa devices…
-
Blog
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities and publicly available exploits, the attackers gain access to a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS), or let them create backdoor admin…
-
Blog
Researchers claim Fortinet’s FortiJump patch was ‘incomplete’ and left users vulnerable
Fortinet’s patch for FortiJump, a critical missing-authentication RCE flaw in FortiManager, left new vulnerabilities on the table for threat actors to exploit, according to new research. A new report from watchTowr Labs described how, while trying to recreate the original FortiJump vulnerability, its researchers discovered a series of additional flaws, one of which they considered particularly worrying. “[We] stumbled upon a…
-
Blog
New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious bundle called ‘SteelFox’ mines cryptocurrency and steals credit card data, using the “bring your own vulnerable driver” (BYOVD) technique to gain SYSTEM privileges on Windows machines. The dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of software such as Foxit PDF Editor, JetBrains products and AutoCAD. Using a vulnerable driver…
-
Blog
How Are You Vulnerable Online?
Key Takeaways: Weak passwords increase vulnerability, especially if reused, which can lead to breaches across multiple accounts. Tracking by tech companies and ISPs endangers your privacy. Improper storage of documents in the cloud can put your data at risk. You’ve been warned over and over that you’re at risk while online, but what are those risks exactly? Let’s go over…
-
Blog
New Revival Hijack technique leaves 22,000 PyPI projects vulnerable to attacks
Up to 22,000 PyPI packages may be at risk of being hijacked through a newly developed supply chain attack technique, research reveals. Security researchers at DevOps specialist JFrog published a blog warning developers about a new attack technique that leverages the ability to re-register popular package names once the original owner removes them from PyPI’s index. Dubbed ‘Revival Hijack’, the technique builds…
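The defence a practitioner wants against a re-registered package name is not on the page, so here is an added example (not code from JFrog, the article or PyPI) of two offline checks that would catch a Revival Hijack style takeover of a dependency. The first reproduces the hash-pinning check that `pip install --require-hashes` performs: a name re-registered by a new owner ships a different artifact, so the recorded sha256 no longer matches even when the version string is reused. The second is a heuristic over index metadata shaped like PyPI's JSON API: if every release of a project was uploaded after the date you first pinned it, the project on the index is not the one you originally depended on. All package names, artifact bytes, hashes, dates and metadata records are constructed for the example.

```python
"""Added example (not code from JFrog, the article or PyPI): two offline checks
that would catch a Revival Hijack style re-registration of a dependency name.

1. Hash pinning: verify each downloaded artifact against the sha256 recorded
   in requirements.txt, the check `pip install --require-hashes` performs.
2. Re-creation heuristic: if the oldest release in the project's index
   metadata was uploaded after the date we first pinned it, the project on
   the index is not the one we originally depended on.

Every package name, hash, date and metadata record below is constructed.
"""
import hashlib
import re
from datetime import datetime, timezone


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifact bytes standing in for downloaded wheels.
GOOD_ARTIFACT = b"goodlib-1.4.2 wheel contents as published by its maintainer"
ORIGINAL_REVIVED = b"revivedlib-2.0.0 wheel contents from the original owner"
HIJACKED_REVIVED = b"revivedlib-2.0.0 re-uploaded under a re-registered name"

# Constructed requirements.txt in pip's hash-checking format (version pin plus
# one or more --hash options, continued with a trailing backslash).
REQUIREMENTS = """
goodlib==1.4.2 \\
    --hash=sha256:{good}
revivedlib==2.0.0 \\
    --hash=sha256:{revived}
""".format(good=sha256(GOOD_ARTIFACT), revived=sha256(ORIGINAL_REVIVED))


def parse_requirements(text: str) -> dict:
    """Return {name: (version, {sha256, ...})}; refuse unpinned or unhashed lines."""
    pins = {}
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)(.*)$", line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        name, version, rest = m.groups()
        hashes = set(re.findall(r"--hash=sha256:([0-9a-f]{64})", rest))
        if not hashes:
            raise ValueError(f"{name}: no --hash option; hash-checking mode would refuse it")
        pins[name.lower()] = (version, hashes)
    return pins


def verify_artifacts(pins: dict, downloaded: dict) -> dict:
    """Map each pinned name to 'ok', 'hash-mismatch' or 'missing'."""
    results = {}
    for name, (_version, hashes) in pins.items():
        data = downloaded.get(name)
        if data is None:
            results[name] = "missing"
        elif sha256(data) in hashes:
            results[name] = "ok"
        else:
            results[name] = "hash-mismatch"
    return results


# Constructed excerpt shaped like PyPI's JSON API (https://pypi.org/pypi/<name>/json),
# where "releases" maps version -> list of files carrying "upload_time_iso_8601".
METADATA = {
    "goodlib": {"releases": {
        "1.0.0": [{"upload_time_iso_8601": "2019-03-01T10:00:00Z"}],
        "1.4.2": [{"upload_time_iso_8601": "2023-07-15T08:30:00Z"}],
    }},
    # Every release post-dates our pin: the original project was removed and
    # the name re-registered by someone else.
    "revivedlib": {"releases": {
        "2.0.0": [{"upload_time_iso_8601": "2024-09-02T12:00:00Z"}],
        "2.0.1": [{"upload_time_iso_8601": "2024-09-03T12:00:00Z"}],
    }},
}
PINNED_SINCE = datetime(2023, 8, 1, tzinfo=timezone.utc)  # constructed lockfile date


def recreated_projects(metadata: dict, pinned_since: datetime) -> list:
    """Names whose earliest upload is newer than the date we first pinned them."""
    flagged = []
    for name, meta in metadata.items():
        uploads = [
            datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
            for files in meta["releases"].values() for f in files
        ]
        if uploads and min(uploads) > pinned_since:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS)
    print(verify_artifacts(pins, {"goodlib": GOOD_ARTIFACT, "revivedlib": HIJACKED_REVIVED}))
    print(recreated_projects(METADATA, PINNED_SINCE))
```

The hash check is the one that actually blocks an install; the metadata heuristic is a review aid for lockfile diffs, since a legitimate project can also be deleted and re-created by its own maintainer.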