Malware Redirects 15,000 Sites in Malicious SEO Campaign
Campaign designed to improve search engine rankings of spammy sites
Cyber News, Cyber Threat Trends
- November 10, 2022
High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. “Attackers can exploit this flaw to gain […]
Cyber News, Cyber Threat Trends
- November 10, 2022
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. “The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS,” Slovak cybersecurity firm ESET explained in a series of tweets. […]
Cyber News, Cyber Threat Trends
- November 10, 2022
Emergency code execution patch from Apple – but not an 0-day
Not a zero-day, but important enough for a quick-fire patch to one system library…
Cyber News, Cyber Threat TrendsSmashing Security podcast #297: Mastodon 101, and the Hushpuppi saga
Graham offers some security and privacy advice for those exodusing Twitter to Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Cyber News, Cyber Threat Trends
- November 9, 2022
Okta streamlines IAM portfolio with consumer identity management cloud
Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products. Okta said that the new cloud program is split into two main components—those aimed at providing identity […]
Cyber News, Cyber Threat Trends
- November 9, 2022
GitHub releases new SDLC security features including private vulnerability reporting
GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world’s leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for […]
Cyber News, Cyber Threat Trends
- November 9, 2022
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades […]
Cyber News, Cyber Threat TrendsMalicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub
The findings indicate that PyPI malicious packages and their obfuscation techniques are evolving
Cyber News, Cyber Threat Trends