Critical flaw in ManageEngine MSP tool exploited in the wild
Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.
Void Balaur will target individuals and organisations in Russian-speaking countries with an intimate knowledge of telecom systems.
The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.
Researchers have reported 14 vulnerabilities in the BusyBox userspace tool that's used in millions of embedded devices running Linux-based firmware.
Security researchers demonstrated an attack chain against Nagios that combined multiple vulnerabilities to achieve remote code execution.
The criminals behind the Trojan have placed fully functional utilities that carry malicious code on the Google Play store in a way that evades detection.
Researchers at Splunk outline a technique that could detect malicious activity in the software supply chain, but with some limitations.
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
The REvil group, a.k.a. Sodinokibi, re-victimises its targets by threatening to release stolen data even after the initial ransom demand is paid.
One of the vulnerabilities patched by Microsoft has been exploited by a Chinese cyber-espionage group since at least August.
The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.
2FA has been widely adopted by online services and turning it on is probably the best thing users can do for their online account security.
A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook to leak plaintext Windows domain credentials to external servers.
Data poisoning involves tampering with and polluting a machine learning model's training data, impacting the ability to produce accurate predictions.