Tag: Cybersecurity

Temu Allegedly Hacked, Data Put on Sale On The Darknet

Darknet forum user puts huge pack of user data leaked of alleged Temu hack. But is it real?

Chinese retailer Temu allegedly suffered a huge data breach. Hackers have put a leaked database for sale on the Darknet, which contains 87 million records with customer information. The company, however, completely denies being hacked or experiencing a data leak. This suggests the possibility that the data was just scraped from other sources. Temu Hacked,… Continue reading Temu Allegedly Hacked, Data Put on Sale On The Darknet

Critical VMWare vCenter Server RCE Vulnerability Fixed

Broadcom fixed two pretty severe flaws in a recent security update

On Tuesday, September 17, Broadcom released a security update that fixes a critical remote code execution flaw in VMWare vCenter Server software. Disclosed upon the patch release, this flaw has got a significant CVSS score of 9.8, reflective of how severe the exploitation consequences can be. The company offers no mitigation ways, just installing the… Continue reading Critical VMWare vCenter Server RCE Vulnerability Fixed

Chase Bank Glitch: Fast Earning Scheme Explained

Chase Bank got into a rather unpleasant story, but ones who followed the glitch got themselves into even worse one.

Chase Bank Glitch is a recent viral campaign that goes on different social media, particularly including TikTok and Instagram. In it, authors share the alleged way to abuse a glitch in Chase Bank ATMs to get a huge amount of money. But, as it turned out further, this glitch is nothing more than a check… Continue reading Chase Bank Glitch: Fast Earning Scheme Explained

Critical RCE Vulnerability in GiveWP WordPress Plugin

Another vulnerability with max CVSS was found and fixed.

A critical vulnerability has been discovered in the GiveWP WordPress plugin that leaves thousands of websites exposed. The vulnerability is of a high severity and allows for controlling the entire affected website without any authentication. A fix is currently available to address this vulnerability, so users should update as soon as possible. Critical RCE vulnerability… Continue reading Critical RCE Vulnerability in GiveWP WordPress Plugin

Google Pixel Devices Shipped with Vulnerable App

Some Google Pixel devices from showroom has vulnerable app

Recent research has uncovered a vulnerable app in the Android package on a whole bunch of Google Pixel smartphones. Devices shipped worldwide since September 2017 may be susceptible to malware deployment by malicious actors. This issue is linked to a pre-installed app called “Showcase.apk”, that is particularly used on showroom devices. Google Pixel Phones Contain… Continue reading Google Pixel Devices Shipped with Vulnerable App

Critical Windows TCP/IP Vulnerability Uncovered, Patch Now

A critical vulnerability in the Windows TCP/IP stack allows unauthenticated remote code execution (RCE)

A critical vulnerability has been discovered in the Windows TCP/IP stack that allows unauthenticated remote code execution (RCE). This vulnerability can be exploited remotely by sending specially crafted IPv6 packets to the target system. Successful exploitation could allow an attacker to execute arbitrary code on the target system and affects all supported versions of Windows… Continue reading Critical Windows TCP/IP Vulnerability Uncovered, Patch Now

EDRKillShifter Malware: New EDR Killer Tool in Ransomware Actors’ Toolkit

Researchers analysed a new anti-EDR toolkit used by ransomware actors

Recent research uncovers a new anti-EDR utility in the arsenal of malware actors, nicknamed EDRKillShifter. Its main known user to the moment is the RansomHub ransomware gang. Though, it is likely for other threat actors to adopt this tool, as similar utilities have immense popularity among cybercriminals nowadays. EDRKillShifter Used in Ransomware Attacks Research team… Continue reading EDRKillShifter Malware: New EDR Killer Tool in Ransomware Actors’ Toolkit

Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now

August 2024 update from SAP fixes huge amount of vulnerabilities, including two severe ones

SAP, the developer of business management software, released a huge security update that fixes numerous vulnerabilities in their software. Among them are severe authentication bypass and server-side request forgery vulnerabilities rated at CVSS 9.8 and 9.1 respectively. The company urges installing updates as soon as possible, as the mentioned flaws affect a substantial number of… Continue reading Critical SAP Auth Bypass and SSRF Flaws Fixed, Update Now

1Password Vulnerability for MacOS Causes Credentials Leak

1Password vulnerability was found and fixed

A critical vulnerability was discovered in 1Password that allows attackers to steal vault items by bypassing the app’s security measures. It affects only the macOS version of the program, and touches every single version of the app. A patch is now available, and users are strongly advised to update as soon as possible. 1Password Vulnerability… Continue reading 1Password Vulnerability for MacOS Causes Credentials Leak

Windows COM Vulnerability Exploited by Chinese Hackers

Chinese hackers abuse the old Windows flaw with email attachments

A vulnerability in Windows COM, first discovered in 2018, has become the target of attacks once again. A Chinese hacker group, likely affiliated with the Ministry of State Security of the People’s Republic of China, has exploited this vulnerability in an attack on a research center in Taiwan. Microsoft offers a non-obvious solution to this… Continue reading Windows COM Vulnerability Exploited by Chinese Hackers