IoT Security, Attacks And The Industrial Systems at Risk
Hackers could target smart manufacturing and other industrial environments with new and unconventional cyber attacks designed to exploit vulnerabilities in the ecosystems that support the Industrial Internet of Things (IIoT), according...
Misconfigured Kubernetes Target Of XMRig Mining Campaign
XMRig Campaign Targets Misconfigured Kubernetes to Mine Cryptocurrency
Kubernetes clusters, due to their cloud computing capabilities and widespread use, are the perfect target for crypto-mining campaigns. A widespread XMRig Monero-mining...
Vulnerabilities in old GTP protocol could affect 4G and 5G networks
Experts cautioned that problems in the GPRS Tunneling Protocol (GTP) could affect the operation of 4G and 5G networks. In reports published last week and in December 2019, Positive Technologies and A10 Networks described...
StrandHogg 2.0 – Android Flaw Leaves 1 Billion Devices Vulnerable to Application Hijacking
A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into...
Exploit for Firefox 68 on Android Local Area Network SSDP Screencast
Firefox for Android LAN-Based Intent Triggering
Exploit research and development by Chris Moberly (Twitter: @init_string)
Overview
The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android...
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
Threat actors used a Safari zero-day flaw to send malicious links...
Magento Based Stores See Biggest Attack Due to 0day flaw
Well-known cybersecurity expert and founder of Sanguine Security (SanSec) Willem de Groot warned of the largest ever campaign aimed at compromising online stores based on the e-commerce platform...
How A College Student Made 10k From Bug Bounties
Author: Tilson Galloway
API keys, passwords, and customer data are accidentally posted to GitHub every day.
Hackers use these keys to log in to servers, steal personal information, and rack up absurd...
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.
A critical security bug in the SonicWall VPN portal can be used to crash the device...
Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
Juplink’s RX4-1800 WiFi router was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local WiFi network and complete takeover of the device. An attacker...