Cyber security aggregate rss news

Cyber security aggregator - feeds history

totals: cyware (4) thehackernews (4)

PoC exploits released for critical bugs in popular WordPress plugins

cyware Jan 14, 2023 Malware and Vulnerabilities

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.

Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

cyware Jan 14, 2023 Threat Actors

A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.

Most Cacti Installations Unpatched Against Exploited Vulnerability

cyware Jan 14, 2023 Malware and Vulnerabilities

In December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity command injection flaw that could allow unauthenticated attackers to execute code on the server running Cacti, if a specific data source was used.

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware

cyware Jan 14, 2023 Malware and Vulnerabilities

Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign. A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S.

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws

thehackernews Jan 14, 2023 Feed

Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers

thehackernews Jan 14, 2023 Feed

Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

thehackernews Jan 14, 2023 Feed

DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

thehackernews Jan 14, 2023 Feed

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates to

2023-01

202020212022202320242025

Aggregator history

Saturday, January 14

SUN

MON

TUE

WED

THU

FRI

SAT