Categories
Featured

Security flaw in popular proxy service leaves 50,000 hosts vulnerable

[ad_1]

More than half of Tinyproxy service hosts are running a flawed version which hackers could use in remote code execution attacks, a new report from researchers from Cisco Talos has claimed.

Tinyproxy is a lightweight HTTP/HTTPS proxy server commonly used to improve internet access speed by caching frequently accessed web pages, filtering out unwanted content, and providing anonymity. 

[ad_2]

Source Article Link

Categories
Featured

Over a billion users could be at risk from keyboard logging app security flaw

[ad_1]

Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims.

It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin, Baidu IME, iFlytek IME, Samsung Keyboard on Android, Xiaomi (with keyboard apps from Baidu, iFlytek, and Sogou), OPPO, Vivo, Honor, all of these allowed potential threat actors to decrypt Chinese mobile users’ keystrokes, completely passively, and without the users needing to send any extra network traffic.

[ad_2]

Source Article Link

Categories
Featured

Microsoft says Russian hackers are exploiting an ancient printer security flaw

[ad_1]

Russian state-sponsored threat actors were observed abusing an old printer vulnerability to drop custom malware on target endpoints.

The malware helped them exfiltrate sensitive data and login credentials. This is according to a new report from Microsoft Threat Intelligence, published earlier this week.

[ad_2]

Source Article Link

Categories
Featured

A critical security flaw could affect thousands of WordPress sites

[ad_1]

Hundreds of thousands of WordPress websites are vulnerable to a critical severity flaw which allows threat actors to upload malware to the site through a bug in a plugin. 

As reported by BleepingComputer, Japan’s CERT recently found a critical severity flaw (9.8) in the Forminator plugin, built by WPMU DEV. The flaw, now tracked as CVE-2024-28890, allows threat actors to obtain sensitive information by accessing files on the server.

[ad_2]

Source Article Link

Categories
Featured

Criminals hack OpenMetadata flaw to mine crypto on Kubernetes

[ad_1]

Hackers have been observed abusing flaws in OpenMetadata workloads to install cryptocurrency miners on Kubernetes.

Cybersecurity researchers from the Microsoft Threat Intelligence team reported of a new campaign, which started in early April 2024 that saw unidentified threat actors were scanning the web for internet-connected OpenMetadata workloads, vulnerable to these five flaws: CVE-2024-28847, CVE-2024-28848, CVE-2024-28253, CVE-2024-28254, and CVE-2024-28255.

[ad_2]

Source Article Link

Categories
Featured

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

[ad_1]

For weeks now, unidentified threat actors have been leveraging a critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, running arbitrary code on vulnerable firewalls, with root privilege. 

Multiple security researchers have flagged the campaign, including Palo Alto Networks’ own Unit 42, noting a single threat actor group has been abusing a vulnerability called command injection, since at least March 26 2024.

[ad_2]

Source Article Link

Categories
Featured

BMC flaw left unchecked for 6 years hits Intel and Lenovo servers

[ad_1]

The lack of communication that happened six years ago resulted in thousands of devices being vulnerable to a remotely exploitable heap out-of-bounds (OOB) read vulnerability – today. Among the vulnerable devices are Intel and Lenovo servers.

Here is what happened: Six years ago, the maintainers of Lighttpd discovered the above-mentioned flaw, which could allow threat actors to exfiltrate process memory addresses. That, in turn, could have been used to work around protection mechanisms. 

[ad_2]

Source Article Link

Categories
Featured

Another top WordPress plugin has a serious security flaw — patch now to keep your website safe

[ad_1]

Another major WordPress plugin was found vulnerable to a high-severity flaw which allowed malicious actors to steal sensitive information from the website, including password hashes.

LayerSlider has published a new security advisory, saying the product is now in version 7.10.1, but adding, “This update includes important security fixes.”

[ad_2]

Source Article Link

Categories
Featured

An ancient Linux flaw might be opening up users to dangerous cyberattacks

[ad_1]

Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.

The vulnerability, however, comes with a major caveat that makes exploitations somewhat unlikely (or at least heavily limited).

[ad_2]

Source Article Link

Categories
Featured

Ray framework flaw exploited for hackers to breach servers

[ad_1]

The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data. 

This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”. 

[ad_2]

Source Article Link