Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- CISA Releases Five Industrial Control Systems Advisories
March 2, 2023
CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-061-01 Mitsubishi Electric MELSEC Series ICSA-23-061-02 Baicells Nova Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 21, 2023
ISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Two Industrial Control Systems Advisories
- Cisco’s ClamAV has a heckuva flaw
February 17, 2023
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the issue as CVE-2023-20032. “This vulnerability is due to a missing buffer size check that may result in a ...
- CISA Releases Fifteen Industrial Control Systems Advisories
February 16, 2023
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens ...
- Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack
February 16, 2023
A new malware dubbed ‘ProxyShellMiner’ exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021. When chained together, the vulnerabilities allow unauthenticated, remote code execution, letting attackers take complete control of ...
- Mirai Variant V3G4 Targets IoT Devices
February 15, 2023
From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4, which was leveraging several vulnerabilities to spread itself. The vulnerabilities exploited include the following: CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727: FRITZ!Box Webcam Remote Command Execution Vulnerability Mitel AWC Remote Command Execution Vulnerability Read more… Source: Palo Alto Unit 42