
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
May 31, 2023 | Ravie Lakshmanan | Server Security / Cryptocurrency. A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm...

Critical Jetpack WordPress Flaw Exposes Millions of Websites
To address a critical vulnerability in the Jetpack WordPress plug-in, Automattic, the company that created the open-source WordPress content management system, has begun enforcing the installation of a security patch on millions of websites. Reports stated no proof that the vulnerability had...

Kali Linux 2023.2 Released – What’s New!
Kali Linux celebrated its 10th anniversary on 13th March 2023 by releasing Kali Linux version 2023.1. Following that first-quarter release, the team has released version 2023.2 with many more enhancements and new tools. Users of Kali Linux...

Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver
While IPFS provides a distributed file system, it falls short in addressing other critical aspects of Web3, such as decentralized governance and consensus mechanisms. Web3 promises to transform the internet and make it a much better place for the people...

A Year In HackerOne’s Bug Bounty Program
Hackers Report The Most Vulnerabilities In 2022 To Keep The Platform Secure. We looked at how our program performed from February 2022 to February 2023. In 2022, we saw an 89% increase in bounty submissions to our program. While we...

Jimbos Protocol Loses Over 4,000 ETH After A Hacking Incident
Posted on May 30, 2023 at 11:39 PM. Jimbos Protocol, which runs on the Arbitrum network, has become the latest decentralized finance (DeFi) protocol to suffer a hacking exploit. Hacking attacks in the decentralized finance (DeFi) industry have become...

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
May 30, 2023 | Ravie Lakshmanan | Zero Day / Vulnerability. Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week....

Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
The creator of the Invicta malware is heavily active on social networking sites, using them to advertise the information-stealing malware and its capabilities. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware....

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
May 29, 2023 | Ravie Lakshmanan | Authentication / Mobile Security. Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put...

Data Breach at MCNA Dental Insurer Impacts 9 Million Users
The discovery of unauthorized access to MCNA Insurance Company’s systems occurred on March 6th 2023, although the initial breach had taken place as early as February 26th 2023. MCNA Insurance Company, a prominent US-based dental benefits manager serving millions of...

Dark Frost botnet launches a large-scale DDoS attack compromising hundreds of devices
Posted on May 29, 2023 at 8:19 AM. A new botnet known as Dark Frost has been found to be behind a distributed denial-of-service (DDoS) attack within the gaming industry. The botnet has expanded in terms of activity and it...

Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
Cisco Talos has described a commercial spyware product offered by the spyware company Intellexa (formerly Cytrox). By designing deployment procedures that frequently call for little to no user interaction, spyware vendors go to significant lengths to make the final...