Security News

Filter by:

Adobe’s Surprise Security Bulletin Dominated by Critical Patches

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.
Threatpost 28 Oct 2021 688 Views

Apple Patches Critical iOS Bugs; One Under Attack

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
Threatpost 28 Oct 2021 757 Views

HTTPS Threats Grow More Than 314% Through 2021: Report

Packet Storm 28 Oct 2021 20187 Views

NPM packages disguised as Roblox API code caught carrying ransomware

Subverted libraries likely intended as a prank but should be taken seriously, say security researchers Yet another NPM library has turned up infected with malware. Security firm Sonatype on Wednesday said it had spotted two related malicious NPM libraries that were named so they might be mistaken for...
The Register 28 Oct 2021 12146 Views

WordPress Plugin Bug Lets Subscribers Wipe Sites

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
Threatpost 28 Oct 2021 610 Views

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (...
Microsoft 26 Oct 2021 655 Views

Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls

Only for one-to-one voice and video, mind Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.…
The Register 23 Oct 2021 10291 Views

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the...
The Hacker News 23 Oct 2021 10212 Views

Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The...
The Hacker News 23 Oct 2021 9584 Views

WinRAR’s vulnerable trialware: when free software isn’t free

PT SWARM 22 Oct 2021 902 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY