Chinese retailer Temu allegedly suffered a huge data breach. Hackers have put a leaked database for sale on the Darknet, which contains 87 million records with customer information. The company, however, completely denies being hacked or experiencing a data leak. This suggests the possibility that the data was just scraped from other sources. Temu Hacked,… Continue reading Temu Allegedly Hacked, Data Put on Sale On The Darknet
Tag: Cybersecurity
Critical VMWare vCenter Server RCE Vulnerability Fixed
On Tuesday, September 17, Broadcom released a security update that fixes a critical remote code execution flaw in VMWare vCenter Server software. Disclosed upon the patch release, this flaw has got a significant CVSS score of 9.8, reflective of how severe the exploitation consequences can be. The company offers no mitigation ways, just installing the… Continue reading Critical VMWare vCenter Server RCE Vulnerability Fixed
Chase Bank Glitch: Fast Earning Scheme Explained
Chase Bank Glitch is a recent viral campaign that goes on different social media, particularly including TikTok and Instagram. In it, authors share the alleged way to abuse a glitch in Chase Bank ATMs to get a huge amount of money. But, as it turned out further, this glitch is nothing more than a check… Continue reading Chase Bank Glitch: Fast Earning Scheme Explained
Critical RCE Vulnerability in GiveWP WordPress Plugin
A critical vulnerability has been discovered in the GiveWP WordPress plugin that leaves thousands of websites exposed. The vulnerability is of a high severity and allows for controlling the entire affected website without any authentication. A fix is currently available to address this vulnerability, so users should update as soon as possible. Critical RCE vulnerability… Continue reading Critical RCE Vulnerability in GiveWP WordPress Plugin
Google Pixel Devices Shipped with Vulnerable App
Recent research has uncovered a vulnerable app in the Android package on a whole bunch of Google Pixel smartphones. Devices shipped worldwide since September 2017 may be susceptible to malware deployment by malicious actors. This issue is linked to a pre-installed app called “Showcase.apk”, that is particularly used on showroom devices. Google Pixel Phones Contain… Continue reading Google Pixel Devices Shipped with Vulnerable App
Critical Windows TCP/IP Vulnerability Uncovered, Patch Now
A critical vulnerability has been discovered in the Windows TCP/IP stack that allows unauthenticated remote code execution (RCE). This vulnerability can be exploited remotely by sending specially crafted IPv6 packets to the target system. Successful exploitation could allow an attacker to execute arbitrary code on the target system and affects all supported versions of Windows… Continue reading Critical Windows TCP/IP Vulnerability Uncovered, Patch Now
EDRKillShifter Malware: New EDR Killer Tool in Ransomware Actors’ Toolkit
Recent research uncovers a new anti-EDR utility in the arsenal of malware actors, nicknamed EDRKillShifter. Its main known user to the moment is the RansomHub ransomware gang. Though, it is likely for other threat actors to adopt this tool, as similar utilities have immense popularity among cybercriminals nowadays. EDRKillShifter Used in Ransomware Attacks Research team… Continue reading EDRKillShifter Malware: New EDR Killer Tool in Ransomware Actors’ Toolkit
Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now
SAP, the developer of business management software, released a huge security update that fixes numerous vulnerabilities in their software. Among them are severe authentication bypass and server-side request forgery vulnerabilities rated at CVSS 9.8 and 9.1 respectively. The company urges installing updates as soon as possible, as the mentioned flaws affect a substantial number of… Continue reading Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now
1Password Vulnerability for MacOS Causes Credentials Leak
A critical vulnerability was discovered in 1Password that allows attackers to steal vault items by bypassing the app’s security measures. It affects only the macOS version of the program, and touches every single version of the app. A patch is now available, and users are strongly advised to update as soon as possible. 1Password Vulnerability… Continue reading 1Password Vulnerability for MacOS Causes Credentials Leak
Windows COM Vulnerability Exploited by Chinese Hackers
A vulnerability in Windows COM, first discovered in 2018, has become the target of attacks once again. A Chinese hacker group, likely affiliated with the Ministry of State Security of the People’s Republic of China, has exploited this vulnerability in an attack on a research center in Taiwan. Microsoft offers a non-obvious solution to this… Continue reading Windows COM Vulnerability Exploited by Chinese Hackers