Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses â:::trim:::â to split data sent and received […]
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program. Six vulnerabilities […]
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856). Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The flaw is the tenth actively exploited zero-day vulnerability since the start of the […]
The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at https://cybernews.com/security/millions-ip-cameras-exposed/ When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother â […]
VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by […]
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware […]
LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, […]
A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities. The experts were not able […]
Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. At the end of July, a threat actor leaked data of 5.4 […]
Fortinet fixed an actively exploited FortiOSÂ SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOSÂ SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The CVE-2022-42475 flaw […]