Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

Threatpost
Open in Source
#web#mac#git#auth
Spryker Commerce OS Remote Command Execution

Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use.

2nd International Workshop On Cyber Forensics And Threat Investigations Challenges Call For Papers

The 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.

Fraudulent cryptocurrency investment apps are duping investors

The FBI has warned about fraudulent cryptocurrency investment apps that are defrauding victims. The post Fraudulent cryptocurrency investment apps are duping investors appeared first on Malwarebytes Labs.

Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users

Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of

CVE-2022-34640: [Bug Report] Incorrect *tval for ecall/ebreak · Issue #898 · openhwgroup/cva6

The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect.

Trojanized Password Crackers Targeting Industrial Systems

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

APT Groups Trapping Targets with Clever Twitter Scheme

By Deeba Ahmed According to researchers, state-backed APT groups are trapping their targets by employing social engineering tactics including posing as… This is a post from HackRead.com Read the original post: APT Groups Trapping Targets with Clever Twitter Scheme

CVE-2022-1912: settings.php in smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages – WordPress Plugin Repository

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.