Security News

105 million Android users targeted by subscription fraud campaign

A premium services subscription scam for Android has been operating for close to two years. Called ‘Dark Herring’, the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses.
BleepingComputer 28 Jan 2022 48 Views

AirTag use in theft and stalking incidents prompts Apple to update its Personal Safety User Guide

Apple's diminutive trackers have increasingly shown up in news reports around stalking and thefts. The company's updated safety guide includes new information on what to do if you find an unknown AirTag that might be involved in criminal activity.
ZDnet 27 Jan 2022 57 Views

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero-day IOMobileFrameBuffer bug exploited in the wild.
Threatpost 27 Jan 2022 55 Views

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
Threatpost 27 Jan 2022 55 Views

Attackers now actively targeting critical SonicWall RCE bug

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.
ZDnet 26 Jan 2022 81 Views

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...
ZDnet 26 Jan 2022 121 Views

Trellix finds OneDrive malware targeting government officials in Western Asia

Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix. 
ZDnet 26 Jan 2022 1247 Views

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
Threatpost 25 Jan 2022 90 Views

Log4j: Mirai botnet found targeting ZyXEL networking devices

A report explained that the Log4j vulnerability is being used to "infect and assist in the proliferation of malware used by the Mirai botnet."
ZDnet 25 Jan 2022 94 Views

FBI warns of malicious QR codes used to steal your money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.
BleepingComputer 24 Jan 2022 157 Views