Researchers: hackers are actively exploiting an RCE vulnerability in Zimbra email servers, disclosed on September 27, triggered by emailing the SMTP server
When the mail server handles an email address with shell escape characters, the postjournal binary just shells out and runs whatever is specified. … Will Dormann / @wdormann@infose...
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply …
A timeline of the attack on open-source project XZ Utils, which began in late 2021 and led to a backdoor with RCE in Linux distros Debian, Red Hat, and others
Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library …
Researchers reveal a hotel keycard hacking technique that can let a hacker almost instantly open RFID-based Saflok locks used in 3M doors across 13K properties
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
Google's Threat Analysis Group details two limited but highly targeted spyware campaigns using several zero-day exploits against Android, iOS, and Chrome
Two targeted spyware campaigns involving several zero-day exploits for Android, iOS and mobile versions of the Chrome browser were unmasked …
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
Intel confirms its proprietary UEFI code appears to have been leaked by a third party; the Alder Lake BIOS source code was leaked to 4chan and GitHub
Hack's perpetrator and origins remain unknown. — We recently broke the news that Intel's Alder Lake BIOS source code had been leaked …
Researchers uncover BrakTooth, 16 flaws in Bluetooth firmware in SoC boards used in billions of devices from 11 top vendors that can allow remote code execution
A team of security researchers has published details this week about a suite of 16 vulnerabilities that impact the Bluetooth software stack … Source: Singapore University of Technolo...
The official PHP Git repository was hacked, adding a backdoor RCE to the PHP source code; PHP maintainer says the changes were reverted within a few hours
This commit does not belong to any branch on this repository …
Mark Sullivan / Fast Company : Hackers put a back door in a code library that powers 79% of websites
Tweets: Sam Kott...
The official PHP Git repository was hacked to add backdoors to the PHP source code; the changes were “reverted right away”
In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.
Researchers discover macOS malware dubbed “Silver Sparrow” on at least 30K Macs, which includes a native M1 version and leverages the Installer JavaScript API
… and this one is dangerous
Matthew Humphries / PCMag : Silver Sparrow Malware Discovered on 30K Infected Macs
Joe Rice-Jones / KnowTechie : Mysterious malware was found on nearly 30...
A security researcher was able to purchase one of the Democratic Republic of Congo's top-level domains, potentially preventing malicious use by attackers
Fredrik Almroth thought the authorities would try to save the critical domain name. Nobody ever did.
Researchers: more than 100K Zyxel firewalls and VPN gateways have a hardcoded admin-level backdoor that can grant attackers root access to devices
The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries. — More than 100,000 Zyxel firewalls …
Researchers find malware operators are now using steganography techniques to hide malicious code in WAV audio files
Steganography malware trend moving from PNG and JPG to WAV files. — Two reports published in the last few months show that malware operators are experimenting with using WAV audi...