Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiativeâs Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]
The Android app Web Explorer â Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific usersâ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A browsing app for Android devices, Web Explorer â Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research […]
Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft, Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128, in attacks aimed at South Korean users. Google Threat Analysis Group researchers discovered the zero-day vulnerability in late October 2022, it […]
Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. “This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, […]
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during […]
Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs. The most severe issue addressed by the security vendor is a critical code injection vulnerability tracked as CVE-2022-3236. “A code […]
Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for […]
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that can allow threat actors to remotely attack vehicles from multiple carmakers, including Honda, Nissan, Infiniti, and Acura. Researcher Sam Curry shared […]
Nicholas Truglia, from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a SIM swapping scheme. DoJ announced that Nicholas Truglia (25) was sentenced to 18 months in prison for the theft of over $20 million worth of cryptocurrency through SIM swapping attacks. The man was ordered to […]
Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries Resecurity, the California-based cybersecurity company protecting major Fortune 500 companies, has identified a new underground marketplace in […]