Category: Tech Companies

Created with Sketch.

Aruba Networks has issued a security advisory to notify customers of six critical vulnerabilities affecting multiple versions of ArubaOS

The US Cyber and Infrastructure Security Agency (CISA) has released ‘Decider’, an open source tool that helps security professionals quickly generate MITER ATT&CK mapping reports. By having a common standard, organizations can quickly share comprehensive and accurate information about newly discovered or emerging threats and help delay their effectiveness. The tool asks user-directed questions about…
Read more

Aruba Networks has issued a security advisory to notify customers of six critical vulnerabilities affecting multiple versions of ArubaOS

The flaws affect Aruba Mobility Conductor, Aruba Mobility Controllers, and WLAN Gateways and SD-WAN Gateways managed by Aruba. Aruba Networks is a California subsidiary of Hewlett Packard Enterprise, specializing in computer networks and wireless connectivity solutions. The affected versions are: • ArubaOS 8.6.0.19 and below • ArubaOS 8.10.0.4 and below • ArubaOS 10.3.1.0 and below…
Read more

MortalKombat ransomware victims can now decrypt their locked files for free

Cyber security company Bitdefender has released a universal decryptor for the MortalKombat ransomware – a strain first spotted by cyber researchers in January 2023. The malware has encrypted dozens of victims across the US, UK, Turkey and the Philippines, according to a recent Cisco report. Bitdefender did not say how they obtained the decryption keys…
Read more

Hackers are actively exploiting two critical vulnerabilities in the Houzez theme

The Houzez theme is a premium plugin that costs $69, offering easy listing management and a seamless customer experience. The provider’s website claims to serve over 35,000 customers in the real estate industry. The Patchstack report warns that some sites have not implemented the security update, and hackers are actively exploiting these old flaws in…
Read more

Hackers using macOS apps to deploy cryptocurrency mining malware

This malware uses the Invisible Internet Project (i2p) to download malicious components and send coins to the attacker’s wallet. One example of the evasion technique is a shell script that monitors the list of running processes to check for the presence of Activity Monitor and, if so, terminate the mining processes. The malicious mining process…
Read more

Experts have spotted a malware called Frebniis that abuses a feature of Microsoft IIS to deploy a backdoor and monitor all traffic

The HTTP to the system. Broadcom Symantec researchers have spotted a new malware, dubbed Frebniis, that exploits Microsoft Internet Services (IIS) to deploy a backdoor and monitor all HTTP traffic to the infected system. The malicious code was used in attacks against targets in Taiwan by a currently unknown hacker. Frebniis works by injecting code…
Read more

Hackers stole GoDaddy ‘s source code and installed malware in a multi – year hack

Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after hacking into the cPanel shared hosting environment in a multi-year attack. While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect…
Read more

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

Cybersecurity solutions company Fortinet has released security updates for its FortiNAC and FortiWeb products that address two critical hardware vulnerabilities that could allow unauthenticated attackers to run arbitrary code or execute commands. The vendor has not provided mitigation advice or workarounds for any of the flaws, so applying the available security updates is the only…
Read more

Microsoft’s February security updates fix three actively exploited zero-day vulnerabilities and a total of 77 vulnerabilities

Nine vulnerabilities were classified as ‘critical’ because they allow remote code execution on vulnerable devices. The number of bugs in each vulnerability category is listed below: • 12 Elevation of Privilege Vulnerabilities • 2 Security Features Bypass Vulnerabilities • 38 Remote Code Execution Vulnerabilities • 8 Information Disclosure Vulnerabilities • 10 Denial of Service Vulnerabilities…
Read more

Apple has released critical security updates to address a new zero-day vulnerability used in attacks to hack into iPhones, iPads and Mac computers

The patch is listed as CVE-2023-23529 and targets WebKit that can be exploited to trigger OS crashes. A successful exploit allows attackers to run malicious code on devices running vulnerable versions of iOS, iPadOS, and macOS. The full list of affected devices is quite extensive, as the bug affects both older and newer models, and…
Read more

    © 2023 Cybecs

    Skip to content