Internet Security

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

January 18, 2024 add comment
Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“, “Callisto”, “Star Blizzard”, “TA446”) is a Russian... Read more »

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

January 18, 2024 add comment
Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting... Read more »

iShutdown lightweight method allows to discover spyware infections on iPhones

January 18, 2024 add comment
Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence... Read more »

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

January 17, 2024 add comment
Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the cyberattack carried out by... Read more »

Github rotated credentials after the discovery of a vulnerability

January 17, 2024 add comment
GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability through... Read more »

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

January 17, 2024 add comment
U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI)... Read more »

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

January 17, 2024 add comment
Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as... Read more »

Atlassian fixed critical RCE in older Confluence versions

January 16, 2024 add comment
Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability,... Read more »

Google fixed the first actively exploited Chrome zero-day of 2024

January 16, 2024 add comment
Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome... Read more »

VMware fixed a critical flaw in Aria Automation. Patch it now!

January 16, 2024 add comment
VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform. VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies... Read more »
Subscribe to our Newsletter