Vulnerability

New Migo malware disables protection features on Redis servers

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called ‘Migo’ to mine for cryptocurrency. Redis (Remote Dictionary Server) is an in-memory data structure store used as a database, cache, and message broker known for its high performance, serving thousands of requests per second for real-time […]

New Migo malware disables protection features on Redis servers Read More »

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones

A team of academic researchers show that a new set of attacks called ‘VoltSchemer’ can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. VoltSchemer can also be used to cause physical damage to the mobile device and to heat items close to the charger to a

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones Read More »

VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in (EAP) enables seamless login to vSphere’s management interfaces via integrated Windows Authentication and Windows-based smart card functionality on Windows client systems. VMware

VMware urges admins to remove deprecated, vulnerable auth plug-in Read More »

Ethercat Zeek Plugin | CISA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CISA Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Plugin for Zeek Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GitHub

Ethercat Zeek Plugin | CISA Read More »

Mitsubishi Electric Electrical Discharge Machines

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the

Mitsubishi Electric Electrical Discharge Machines Read More »

Commend WS203VICM | CISA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Commend WS203VICM | CISA Read More »

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on February 20, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. This content is being syndicated from Source link for documentation purpose. If

CISA Releases Three Industrial Control Systems Advisories Read More »

Ransomware Groups, Targeting Preferences, and the Access Economy

How do ransomware groups pick their targets? It’s a rhetorical question: in the vast majority of cases they don’t. Ransomware-as-a-service (RaaS) platforms and ransomware affiliate ecosystems do not operate alone, but instead, they rely on a sophisticated cybercrime supply chain that enables access to corporate IT environments. Ransomware groups and affiliates in many cases don’t

Ransomware Groups, Targeting Preferences, and the Access Economy Read More »

Police arrest LockBit ransomware members, release decryptor in global crackdown

Update February 20, 07:21 EST: Article updated with further details on the operation. Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang’s servers in an international crackdown operation. French and U.S. judicial

Police arrest LockBit ransomware members, release decryptor in global crackdown Read More »

Police arrests LockBit ransomware members, release decryptor in global crackdown

Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang’s servers in an international crackdown operation. French and U.S. judicial authorities also issued three international arrest warrants and five indictments targeting

Police arrests LockBit ransomware members, release decryptor in global crackdown Read More »

Scroll to Top