More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. […]
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack
The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”
The post US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack appeared first on SecurityWeek.
In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone Use Warning in US Agency
Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use.
The post In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone Use Warning in US Agency appeared first on SecurityWeek.
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. […]
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. […]
Malwarebytes Acquires VPN Provider AzireVPN
Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.
The post Malwarebytes Acquires VPN Provider AzireVPN appeared first on SecurityWeek.
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.
“This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures,” CloudSEK said in a
“This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures,” CloudSEK said in a
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI
ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution.
The post Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI appeared first on SecurityWeek.
Nokia Says Impact of Recent Source Code Leak Is Very Limited
After the hacker IntelBroker leaked stolen source code, Nokia said the impact of the cybersecurity incident is limited.
The post Nokia Says Impact of Recent Source Code Leak Is Very Limited appeared first on SecurityWeek.
Google’s mysterious ‘search.app’ links leave Android users concerned
The most recent update to the Google Android app has startled users as they notice the mysterious “search.app” links being generated when sharing content and links from the Google app externally. […]