Security News

An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage devices or for developing web applications and portals. The purpose is to infect machines with vulnerable versions of the popular TerraMaster operating system, the Zend Framework, or Liferay Portal with FreakOut malware, which can help deploy a wide variety of cyberattacks.

Now patched, the exploits took advantage of bugs in Windows, Chrome, and older versions of Android though watering hole attacks, says Google. In a series of blog posts published Tuesday, Google revealed that it discovered two malicious servers set to deliver different exploit campaigns through watering hole attacks.

We'll guide you through the process of using Homebrew package manager to install security tools on macOS to exploit vulnerabilities found in your Apple equipment. In this follow-up to the installing security tools on macOS via Homebrew series, we'll be looking at various applications that can be used to exploit any vulnerabilities that have been found after performing an assessment using scanning tools to determine what-if any-issues exist.

Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products. Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware and released patches to address the issue.

Attackers don't have time to look at every asset in depth - the number of which can run in the tens of thousands for a large enterprise. The attacker's perspective on how an attacker evaluates assets to go after and exploit on an attack surface begins by answering six questions.

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. Google Project Zero security researcher Maddie Stone discovered that Microsoft's patch in June did not fix the original vulnerability and it can still be leveraged with some adjustments.

A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection. Cybersecurity firms and human rights organizations have detailed multiple malicious attacks involving Pegasus, many of them targeting journalists and human rights activities.

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage.

Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with even more exploits. This time, the advanced worm and botnet has returned with over 30 vulnerability exploits.

The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.