computer security

Atlassian Confluence Vulnerability

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to address a critical security vulnerability related to the use of hardcoded credentials affecting the questions for confluence app for Confluence Server and Confluence Data Center. The error, tracked as CVE-2022-26138occurs when the app in question is enabled on one of the two services, creating a Confluence user account with …

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability Read More »

Apple macOS Spyware

Experts Discover New CloudMensis Spyware Targeting Apple macOS Users — The Hacker News

Cybersecurity researchers have unmasked a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovakian cybersecurity firm ESET, would exclusively use public cloud storage services such as pCloud, Yandex Disk and Dropbox to receive attacker commands and exfiltrate files. “The capabilities clearly show that the operators’ intent is to collect …

Experts Discover New CloudMensis Spyware Targeting Apple macOS Users — The Hacker News Read More »

Several new Play Store apps spotted spreading Joker, Facestealer, and Coper malware — The Hacker News

Google has taken steps to remove dozens of rogue apps from the official Play Store that were spotted distributing Joker, Facestealer, and Coper families of malware through the virtual marketplace. While the Android storefront is considered a trusted source for discovering and installing apps, attackers have repeatedly found ways to sneak past security barriers set …

Several new Play Store apps spotted spreading Joker, Facestealer, and Coper malware — The Hacker News Read More »

Apple iOS, iPadOS, macOS Devices

Microsoft Details App Sandbox Escape Bug Affecting Apple iOS, iPadOS, and macOS Devices

Microsoft on Wednesday shed light on a now-patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. “An attacker could exploit this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands, such as installing additional payloads,” Jonathan Bar …

Microsoft Details App Sandbox Escape Bug Affecting Apple iOS, iPadOS, and macOS Devices Read More »

Retbleed Speculative Execution Attack

New ‘Retbleed’ Speculative Execution Attack Affects AMD and Intel CPUs

Security researchers have discovered yet another vulnerability affecting many legacy AMD and Intel microprocessors that could bypass current defenses and result in Specter-based speculative execution attacks. dubbed rebleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), showing the chip makers release software mitigations as …

New ‘Retbleed’ Speculative Execution Attack Affects AMD and Intel CPUs Read More »

AiTM Phishing Attacks

Microsoft warns of large-scale AiTM phishing attacks on more than 10,000 organizations

Microsoft announced Tuesday that a large-scale phishing campaign since September 2021 has targeted more than 10,000 organizations by hijacking the Office 365 authentication process, even on accounts protected with multi-factor authentication (MFA). “The attackers then used the stolen credentials and session cookies to access the affected users’ mailboxes and conduct follow-up corporate email compromise (BEC) …

Microsoft warns of large-scale AiTM phishing attacks on more than 10,000 organizations Read More »

Microsoft

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, including a zero-day vulnerability that is actively attacked in the wild. Of the 84 deficiencies, four were rated as Critical and 80 as Major in Seriousness. Also solved separately by the tech giant two other bugs …

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout Read More »

Microsoft

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, including a zero-day vulnerability that is actively attacked in the wild. Of the 84 deficiencies, four were rated as Critical and 80 as Major in Seriousness. Also solved separately by the tech giant two other bugs …

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout Read More »

Rozena Backdoor

Hackers Abuse Follina Bug To Use Rozena Backdoor

A newly observed phishing campaign takes advantage of the recently revealed Follina security vulnerability to spread a previously undocumented backdoor on Windows systems. “Rozena is a backdoor malware capable of injecting a remote shell connection back to the attacker’s computer,” said researcher Cara Lin of Fortinet FortiGuard Labs. said in a report this week. Tracked …

Hackers Abuse Follina Bug To Use Rozena Backdoor Read More »

Phishing Scam Reportedly Behind $540 Million Axie Infinity Hack

Image† Sky Mavis NFT pokemon clone Axie Infinity went from being famous for players taking advantage of its “play-to-earn” gaming scams to being infamous for being hacked into $540 million worth of cryptocurrency. Now according to a new report from The block we know what enabled the security breach: a sophisticated phishing attempt developed on …

Phishing Scam Reportedly Behind $540 Million Axie Infinity Hack Read More »