A couple of Salt vulnerabilities addressed last week were abused over the weekend to hack Algolia's infrastructure, the search-as-a-service startup revealed. An open-source configuration tool designed for monitoring and updating the state of servers deployed in datacenters and in the cloud, Salt was recently found to be impacted by two issues that could allow attackers to execute arbitrary commands. READ MORE...
A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity. Research uncovered that the cybercriminal gang is exploiting a deserialization vulnerability, CVE-2019-18935, which can allow remote code execution. READ MORE...
Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could - he claims - be exploited to run malicious code on a targeted device, without alerting the user. READ MORE...
Cisco this week released security updates to address more than 30 vulnerabilities in various products, including 12 high severity flaws impacting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). The most important of these issues is tracked as CVE-2020-3187 (CVSS score of 9.1) and could be exploited to conduct directory traversal attacks and then read or delete sensitive files on a vulnerable system. READ MORE...
According to new research from ESET, a code obfuscation tool that's been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. READ MORE...
Cyber crooks deploying web credit card skimmers on compromised Magento websites have a new trick up their sleeve: favicons that "turn" malicious when victims visit a checkout page. Favicons is a file containing one or more small icons associated with a website and are usually displayed in the browser's address bar, on the tab in which a website has been opened, and in the bookmarks. READ MORE...
Users of numerous popular iPhone apps such as Spotify, Venmo, Tinder, TikTok, DoorDash, and Pinterest experienced persistent app crashes as a result of a bug in Facebook's SDK this week. The crash reports began coming in around 6:30pm Eastern yesterday, but the issue has since been resolved. Not long after the problem emerged, it was revealed to have been caused by a server-side change by Facebook. READ MORE...
An advanced hacker group running cyber-espionage campaigns since at least 2010 has been operating stealthily over the past five years. They deliver a new backdoor called Aria-body and use victims' infrastructure to carry attacks against other targets. Multiple variants of the malware have been discovered and one of them was recently delivered to the Australian government via a malicious email. READ MORE...