Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild – Tempemail

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it “detected malware samples in the wild that Continue Reading

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses – Tempemail

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed “Blacksmith” (CVE-2021-42114, CVSS score: 9.0) — is designed to trigger bit flips on target Continue Reading

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant – Tempemail

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. “Based Continue Reading

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit – Tempemail

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking Continue Reading

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit – Tempemail

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking Continue Reading

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit – Tempemail

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking Continue Reading

Apache Warns of Zero-Day Exploit in the Wild — Patch You Web Servers Now! – Tempemail

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could Continue Reading

Experts are seeing an ‘explosion of activity’ by pro-China group to mobilise protests and exploit divisions in US- Tempemail

Experts are seeing an ‘explosion of activity’ by a pro-China group to mobilise physical protests in the US and spread disinformation, according to a report. A misinformation campaign on social media “in support of Chinese government interests” and exploiting divisions over Covid-19 has expanded to new languages and platforms, according Continue Reading

Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available – Tempemail

Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring Continue Reading

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group – Tempemail

A previously undisclosed “zero-click” exploit in Apple’s iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. “The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Continue Reading