Category: Uncategorized
-
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices Eduard Kovacs
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. The post Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices appeared first on SecurityWeek. Read More
-

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing [email protected] (The Hacker News)
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, FortinetRead More
-

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks [email protected] (The Hacker News)
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, inRead More
-
Flaws in legacy D-Link NAS devices under attack
Post ContentRead More
-
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability Ionut Arghire
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek. Read More
-

Google Chrome Adds V8 Sandbox – A New Defense Against Browser Attacks [email protected] (The Hacker News)
Google has announced support for what’s called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent “memory corruption in V8 from spreading within the host process.” The search behemoth has described V8 Sandbox as a lightweight, in-process sandboxRead More
-
Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks Ionut Arghire
The US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations. The post Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks appeared first on SecurityWeek. Read More
-
Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right Associated Press
The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data. The post Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right appeared first on SecurityWeek. Read More
-
Confidential VMs Hacked via New Ahoi Attacks Eduard Kovacs
New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek. Read More
-
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits Ionut Arghire
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek. Read More
