Author Archives: Ravie Lakshmanan

DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts.
Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and i… Continue reading GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts→

The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from… Continue reading Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems→

Two new security vulnerabilities have been disclosed in Rockwell Automation’s programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily… Continue reading Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code→

A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data.
“The … Continue reading Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit→

The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured back… Continue reading North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims’ Crypto→

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices.
“An authentication bypass vulnerability ca… Continue reading Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices→

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild.
The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, ma… Continue reading Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices→

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system.
Tracked as CVE-… Continue reading Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework→

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The… Continue reading Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks→

Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for n… Continue reading Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds→