New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers warn that the Hildegard malware is part of ‘one of the most complicated attacks targeting Kubernetes.’
Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the...
Second SolarWinds Attack Group Breaks into USDA Payroll — Report
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.
There had been hints that a second group of malicious actors may have exploited a...
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications.
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the...
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
Industrial control software...
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
Developers of a plugin, used by WordPress websites for building pop-up ads...
Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
Current Vendor: Belkin (Linksys)
Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/
Versions affected: 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin)
Systems Affected: Linksys WRT160NL
Authors: Manuel Ginés - Manuel.Ginesnccgroupcom && Diego Gómez Marañón – Diego.GomezMaranonnccgroupcom
CVE Identifier: CVE-2021-25310
Risk: 8.8 (High)...
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
A newly-uncovered phishing kit, dubbed...
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.
A doozy of a bug that could allow any local user...
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet.
Disconnecting devices from the internet is no longer a solid plan...
Nvidia Squashes High-Severity Jetson DoS Flaw
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.
Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series...