DarkReading
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
.webp)
Cyber Security News
MorLock Ransomware Attacking Organizations to Steal Business Data
A new group known as MorLock ransomware has intensified its attacks on Russian businesses, causing disruptions and financial losses.
HACKRead
New Goldoon Botnet Targeting D-Link Devices by Exploiting Weak Credentials
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
SecurityWeek
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat
History of TikTok and how it many view it as a national security threat based on connections to China.
.webp)
Cyber Security News
Multiple QNAP Vulnerability Let Hackers Hijack Your NAS
QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Security Affairs
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Cyber Express
Beware of Active Exploitation: Critical Vulnerabilities in D-Link NAS Devices Exposes 92,000 Devices
An active exploitation of critical vulnerabilities in D-Link Network Attached Storage (NAS) devices has raised concerns for D-Link users exposing
Security Affairs
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link NAS devices bugs to its Known Exploited Vulnerabilities catalog
Bleeping Computer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
DarkReading
92K D-Link NAS Devices Open to Critical Command-Injection Bug
The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
Infosecurity News
Over 90,000 D-Link NAS Devices Are Under Attack
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices
SecurityWeek
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
The Hacker News
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected.
SC Magazine
D-Link NAS device vulnerabilities exploited – no patch available
An attacker could gain remote access to network-attached storage and execute arbitrary commands.
Bleeping Computer
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw.
Ars Technica
Hackers actively exploit critical remote takeover vulnerabilities in D-Link devices
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
CyberSecurity Dive
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
SC Magazine
Over 92,000 D-Link NAS devices face compromise risk
More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs.
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
+92,000 Internet-facing D-Link NAS devices can be easily hacked
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Bleeping Computer
Over 92,000 exposed D-Link NAS devices have a backdoor account
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
.webp)
Cyber Security News
D-Link NAS Command Injection Flaw : 92,000 Devices Affected
A new command injection vulnerability and a backdoor account has been discovered in D-Link Network Attached Storage devices which affects
Cyber Security News
Qualcomm Security Flaws Let Attackers Takeover The Devices
Hackers exploit security flaws in Qualcomm to gain unauthorized access, execute malicious code, or potentially compromise data integrity and
Cyber Security News
Wireshark 4.2.4 Released : What’s New!
Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis.
DarkReading
Russian APT Releases More Deadly Variant of AcidRain Wiper Malware
New AcidPour variant can attack a significantly broader range of targets including IoT devices, storage area networks, and handhelds.
The Hacker News
Russian Hackers Target Ukrainian Telecoms with Upgraded 'AcidPour' Malware
AcidPour malware targets four telecom providers in Ukraine, linked to AcidRain and Russian military intelligence operations.
SecurityWeek
Critical Vulnerability Allows Access to QNAP NAS Devices
Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication.
SC Magazine
QNAP fixes three bugs on NAS devices, one critical authentication flaw
The critical flaw is an authentication bug could let users compromise the security of the system.
Security Affairs
Security Affairs newsletter Round 462 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
QNAP fixed 3 flaws in its NAS devices, including an auth bypass
QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices.
Bleeping Computer
QNAP warns of critical auth bypass flaw in its NAS devices
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
SecurityWeek
Zyxel Patches Remote Code Execution Bug in Firewall Products
Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks.
.webp)
Cyber Security News
QNAP 0-Day Flaw : 289,000+ Devices Found Vulnerable
Last week, QNAP released a security advisory in which multiple vulnerabilities were fixed in QTS, QuTS hero and QuTScloud products.
HACKRead
Zero-Day in QNAP QTS Affects NAS Devices Globally - Patch Now
Palo Alto Networks' Unit 42 identified a new zero-day vulnerability in QNAP QTS and QuTS hero firmware from the vendor QNAP.
SecurityWeek
QNAP Patches High-Severity Bugs in QTS, Qsync Central
Two high-severity vulnerabilities in QNAP’s operating system could lead to command execution over the network.
SecurityWeek
Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet
Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet.
HACKRead
Methods for Storing, Protecting Digital Company Files: Secure Strategies for Data Safety
Efficient data storage and security practices are critical for ensuring that sensitive information remains confidential and intact.
Bleeping Computer
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
Security Affairs
Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations
A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops.
HACKRead
Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks, and steal sensitive data.
Security Affairs
Akira ransomware targets Finnish organizations
The Finish NCSC-FI warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country
Bleeping Computer
The Week in Ransomware - January 12th 2024 - Targeting homeowners' data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.
SecurityWeek
Russian Hackers Likely Not Involved in Attacks on Denmark's Critical Infrastructure
Researchers find no direct link between Russian APT Sandworm and last year’s attacks on Denmark’s critical infrastructure.
The Record
Vulnerability affecting smart thermostats patched by Bosch
The vulnerability in a popular connected thermostat could allow a hacker to connect to the device's network.
DataBreaches
Finland warns of Akira ransomware wiping NAS and tape backup devices
Bill Toulas reports: The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies...
Bleeping Computer
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
CyberNews
India’s Cherrinet ISP leaks user data, exposes accounts to abuse attempts
The Cybernews research team discovered an open 1.8TB data trove belonging to internet service provider Cherrinet.
Security Affairs
Decryptor for Tortilla variant of Babuk ransomware released
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator.
SecurityWeek
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Cyber Security News
10 Most Notable Cyber Attacks of 2023
Top 10 Hacks of 2023. Malware. Phishing. Denial of Service (DoS). Distributed Denial of Service (DDoS). Man-in-the-Middle (MitM).
Bleeping Computer
Back up anything with $169 off the Offcloud cloud storage
While we may joke that the internet is forever, it can often be anything but. This lifetime subscription to Offcloud helps you keep what matters for $39.99, $169 off the $209 MSRP.
CyberNews
The latest malicious activity and how to deal with it
Explaining recent malicious activity and analyzing its examples.
Latest Hacking News
Multiple Critical Flaws Found In Zyxel NAS Devices
Zyxel NAS users must rush to update their devices at the earliest as the vendors have patched numerous security flaws. Exploiting these vulnerabilities could allow severe threats from unauthorized users. Zyxel NAS Devices Exhibited Numerous Security
SecurityWeek
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems
Researchers call attention to 14 security defects taht can be exploited to drop and freeze 5G connections on smartphones and routers.
Cyber Security News
New 5Ghoul Attack Impacts 5G Devices From Popular Brands
Cybersecurity researchers from the following organizations recently discovered the new 5Ghoul attack that impacts the 5G devices
Security Affairs
Security Affairs newsletter Round 449 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips
A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems impacts Android and iOS devices.
The Hacker News
New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands
Major security flaws in 5G modems impact hundreds of smartphone models from brands like Apple, Samsung, and Google.
Bleeping Computer
New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems.
Security Affairs
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass
The Hacker News
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel released patches for 15 security issues in NAS, firewall, and AP devices. Includes 3 critical flaws allowing authentication bypass and comman
SecurityWeek
Apple Patches WebKit Flaws Exploited on Older iPhones
Cupertino's security response team said it was aware of a report the flaws were already exploited against versions of iOS before iOS 16.7.1.
SecurityWeek
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices
Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks.
Bleeping Computer
Zyxel warns of multiple critical vulnerabilities in NAS devices
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices.
The Hacker News
Three Ways Varonis Helps You Fight Insider Threats
Insider threats are difficult for organizations to combat. Varonis’ modern cybersecurity answer uses the data security triad of sensitivity, access, a
The Hacker News
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
QNAP addresses two critical security flaws in its operating system. Remote attackers could execute commands via a network.
Bleeping Computer
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
SecurityWeek
Hackers Earn Over $1 Million at Pwn2Own Toronto 2023
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.
Bleeping Computer
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Cyber Security News
TP-Link, HP Printer, Samsung Galaxy S23 Hacked At Pwn2Own 2023 - Day Two
At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts.
Bleeping Computer
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
Cyber Security News
QNAP Eliminates Server Responsible for Extensive Brute-force Attacks
On October 14, 2023, the company discovered a big wave of weak password attacks. Within 7 hours, the QNAP Product Security Incident Response Team (QNAP PSIRT) successfully blocked hundreds of zombie network IPs using QuFirewall, thereby defending several QNAP NAS devices that were exposed to the internet from further attack.
SecurityWeek
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Bleeping Computer
QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
SecurityWeek
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
Trend Micro
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
The Hacker News
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
A vulnerability in Synology's DSM has been revealed, allowing attackers to remotely hijack admin accounts.
The Hacker News
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
Cyber Security News
Wireshark 4.0.8 Released - What's New!
Recently, the Wireshark Foundation released a new version of Wireshark (Wireshark 4.0.8) with several new updates and features.
SecurityWeek
Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users' Files
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
Cyber Security News
QNAP Operating Systems Flaw Let Attackers Launch DoS Attacks
An uncontrolled resource consumption vulnerability has been reported to affect multiple QNAP operating systems. The vulnerability allows remote users to launch a denial-of-service (DoS) attack if exploited.
SecurityWeek
CISA Analyzes Malware Used in Barracuda ESG Attacks
CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability.
Bleeping Computer
Clop gang to earn over $75 million from MOVEit extortion attacks
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.
SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability
Multiple DDoS botnets have been observed targeting CVE-2023-28771, a Zyxel firewall vulnerability patched in April.
Cyber Security News
Wireshark 4.0.7 Released – What’s New!
Wireshark, an industry-leading network packet analyzer, has released version 4.0.7, which includes defect fixes, protocol updates, and a few enhancements. I
SecurityWeek
CISA, FBI Warning: Truebot Hackers Exploiting Netwrix Auditor Flaw
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
Latest Hacking News
Severe OS Command Injection Vulnerability Caught In Zyxel NAS Products
Heads up, Zyxel users! The vendors have recently released patches for a serious security vulnerability affecting Zyxel NAS products. Exploiting the vulnerability could allow executing arbitrary commands on the target devices. Users must rush to
Bleeping Computer
Brave Browser boosts privacy with new local resources restrictions
The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how long sites can access local network resources.
Security Affairs
Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix […]
Security Affairs
CISA orders govt agencies to fix recently disclosed flaws in Apple devices
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the […]
Bleeping Computer
CISA orders agencies to patch iPhone bugs abused in spyware attacks
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.
ZDNet
Ransomware and phishing attacks continue to plague businesses in Singapore
In Singapore last year, the number of phishing attempts more than doubled, while ransomware incidents continued to impact small and midsize businesses.
Bleeping Computer
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.
Security Affairs
Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices
Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware […]
The Hacker News
Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
⚠️ Attention Zyxel NAS users! A new critical vulnerability (CVE-2023-27992) could allow attackers to run arbitrary commands on affected systems.
Loading more articles....