Saturday , November 23 2024

Alert

ESET RESEARCH
“eXotic” spyware espionage campaign targets India and Pakistan

phone

ESET researchers found a spying campaign targeting Android users. The campaign uses fake messaging apps that include XploitSPY malware. The campaign, called eXotic Visit, has been active from November 2021 to the end of 2023. Malicious Android apps were distributed through targeted campaigns using dedicated websites and the Google Play …

Read More »

CISA Releases Two Industrial Control Systems Advisories

CISA

CISA released two advisories on April 4, 2024 about security issues, vulnerabilities, and exploits for Industrial Control Systems (ICS). ICSA-24-095-01 Hitachi Energy Asset Suite 9 ICSA-24-095-02 Schweitzer Engineering Laboratories SEL CISA recommends reviewing the newly issued ICS advisory for more information and ways to address the issue.    

Read More »

CISA urges software devs mitigatin SQL injection vulnerabilities

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection vulnerabilities. This was in response to a recent major incident involving SQL injection that affected thousands of organizations and emphasizes how common this type of security flaw is. …

Read More »

Alert
VCURMS and STRRAT Trojans deployed via AWS and GitHub

Coding

FortiGuard Labs found a phishing campaign that tricks users into downloading a malicious Java downloader to spread new VCURMS and STRRAT remote access trojans. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub to avoid detection. They used email as its command and control throughout …

Read More »

CISA Releases Two Industrial Control Systems Advisories

CISA

CISA released two advisories on February 29, 2024. The advisories warn about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-060-01 Delta Electronics CNCSoft-B ICSMA-24-060-01 MicroDicom DICOM Viewer EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow RISK …

Read More »

Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

code

A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …

Read More »