Author Archives: Ravie Lakshmanan

Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines.
Th… Continue reading Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal→

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim’s wallet.
“By exploiting the vulnerability, it’s possible to decrypt th… Continue reading Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies→

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware.
Dubbed “Lilin Scanner” by Nozomi Networks, the latest version is designed to exploit… Continue reading New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices→

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November.
Also called ALPHV … Continue reading FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide→

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks.
The acknowledgment came after investigative journalist Brian Krebs shared intern… Continue reading T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code→

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections.
Tracked as CVE-2022-0540, the flaw is rated 9.9 o… Continue reading Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability→

A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. 
The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and O… Continue reading Researcher Releases PoC for Recent Java Cryptographic Vulnerability→

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign.
“It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addres… Continue reading Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud→

Network-attached storage (NAS) appliance maker QNAP on Thursday said it’s investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month.
The critical flaws, tracked as … Continue reading QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities→

Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems.
The first of the t… Continue reading Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA→