vulnerability
Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced…
Researchers warn high-risk ConnectWise flaw under attack is ‘embarrassingly easy’ to exploit
Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw. The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and…
Fertility tracker Glow fixes bug that exposed users’ personal data
A bug in the online forum for the fertility tracking app Glow exposed the personal data of around 25 million users, according to a security researcher. The bug exposed users’…
Researchers say attackers are mass-exploiting new Ivanti VPN flaw
Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws…
Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’
A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability…
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023
This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file-transfer tools to compromise thousands of organizations, ransomware gangs adopt aggressive new tactics aimed at…
Security flaws in court record systems used in five US states exposed sensitive legal documents
Witness lists and testimony, mental health evaluations, detailed allegations of abuse and corporate trade secrets. These are some of the sensitive legal court filings that security researcher Jason Parker said they found exposed to the open internet for anyone to access, and from none other than the judiciaries themselves. At the heart of any judiciary…
Atlassian urges customers to take ‘immediate action’ to protect against data-loss security bug
Australian software giant Atlassian has warned of a critical security flaw that could lead to “significant data loss” for customers, just weeks after state-backed hackers targeted its products. In an…
Hackers exploit WinRAR zero-day bug to steal funds from broker accounts
Cybercriminals are exploiting a zero-day vulnerability in WinRAR, the venerable shareware archiving tool for Windows, to target traders and steal funds. Cybersecurity company Group-IB discovered the vulnerability, which affects the…
Ivanti warns customers another zero-day is under active attack
U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack. The vulnerability, tracked as CVE-2023-38035 with a vulnerability severity rating of 9.8 out of 10, affects…
CISA says hackers are exploiting a new file transfer bug in Citrix ShareFile
Hackers are exploiting a newly discovered vulnerability in yet another enterprise file transfer software, the U.S. government’s cybersecurity agency has warned. CISA on Wednesday added a vulnerability in Citrix ShareFile,…
Ivanti rushes to patch zero-day used to breach Norway’s government
Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software to compromise a dozen Norwegian government agencies — and thousands of other organizations could also be at risk. The…
A simple bug exposed access to thousands of smart security alarm systems
U.S. power and electronics giant Eaton has fixed a security vulnerability that allowed a security researcher to remotely access thousands of smart security alarm systems. Security researcher Vangelis Stykas said…
Barracuda urges customers to remove and replace vulnerable hardware exploited by hackers
Barracuda Networks has told customers they must replace vulnerable email gateway appliances following the disclosure of a critical security flaw. The technology company, which provides security, networking and storage products,…
Hackers launch another wave of mass-hacks targeting company file transfer tools
Security researchers are sounding the alarm after hackers were caught exploiting a newly discovered vulnerability in a popular file transfer tool used by thousands of organizations to launch a new…
Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data
The U.S. government has sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive…
PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers
Print management software maker PaperCut says attackers are exploiting a critical-rated security vulnerability to gain access to unpatched servers on customer networks. PaperCut offers two print management products, PaperCut NG…
Microsoft patches Windows zero-day bug used in ransomware attacks
Microsoft has patched a zero-day vulnerability affecting all supported versions of Windows, which researchers say hackers exploited to launch ransomware attacks. Microsoft said in a security alert on Tuesday that…
Hatch Bank says hackers used Fortra bug to steal 140,000 customer Social Security numbers
Hatch Bank, a digital-first bank that provides infrastructure for fintech companies offering their own brand credit cards, confirmed hackers exploited a zero-day vulnerability in the company’s internal file transfer software…
Security researchers say they have uncovered a “new class” of vulnerabilities that could allow attackers to bypass Apple’s security protections in iOS and macOS to access users’ sensitive data. Trellix’s…
Apple releases new fix for iPhone zero-day exploited by hackers
Apple on Monday released a new version of the iPhone and iPad’s operating systems to fix a vulnerability that hackers were exploiting in the wild, meaning they were taking advantage…
Apple fixes bug that let malicious apps skirt macOS’ security protections
Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware. The flaw, tracked as CVE-2022-42821, was first…
Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug
The vulnerability in the door entry security system, used in government buildings and apartment complexes, cannot be fixed.
A bug in Abode’s home security system could let hackers remotely switch off cameras
A security vulnerability in Abode’s all-in-one home security system could allow malicious actors to remotely switch off customers’ security cameras. Abode’s Iota All-In-One Security Kit is a DIY home security…
WhatsApp fixes ‘critical’ security bug that put Android phone data at risk
WhatsApp has published details of a “critical”-rated security vulnerability affecting its Android app that could allow attackers to remotely plant malware on a victim’s smartphone during a video call. Details…
Microsoft patches a new zero-day affecting all versions of Windows
Microsoft has released security fixes for a zero-day vulnerability affecting all supported versions of Windows that has been exploited in real-world attacks. The zero-day bug, tracked as CVE-2022-37969, is described…
Apple releases iOS and macOS fixes to patch a new zero-day under attack
Apple has released another round of security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by attackers. The zero-day flaw, tracked…
Twitter fixes security bug that exposed at least 5.4 million accounts
Twitter says it has fixed a security vulnerability that allowed threat actors to compile information of 5.4 million Twitter accounts, which were listed for sale on a known cybercrime forum.…
Security flaws in a popular GPS tracker are exposing a million vehicle locations
Security vulnerabilities in a popular Chinese-built GPS vehicle tracker can be easily exploited to track and remotely cut the engines of at least a million vehicles around the world, according…
Attack surface management platform RapidFort raises $8.5M seed round
RapidFort, a startup that helps developers reduce the potential attack surface of their applications by automatically removing unused software components from their containers, today announced that it has raised an…