Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

3CX Desktop App Targeted in Supply Chain Cyber Attack, Affecting Millions of Users

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls

The Hacker News
Open in Source
#web#ios#android#windows#google#microsoft#git#chrome#firefox#The Hacker News
Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

By Deeba Ahmed The new MacStealer malware is being advertised on a notorious Russian hacker and cybercrime forum. This is a post from HackRead.com Read the original post: Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

CVE-2023-27232: ttt/32 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.

CVE-2023-27229: ttt/30 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.

CVE-2023-27231: ttt/31 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43

In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.