Security News
Quick fix: Remove cups-browsed, block UDP port 631 Updated After days of waiting and anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in...
Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution. While Google never provides much detail in its monthly patch bulletins about how Android flaws are being abused in the wild, it does note that "There are indications that CVE-2024-36971 may be under limited, targeted exploitation."
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. "In a Sitting Ducks attack, the actor hijacks a currently registered domain at an authoritative DNS service or web hosting provider without accessing the true owner's account at either the DNS provider or registrar," the researchers said.
Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year. According to the researchers' report, Squarespace pre-registered a bunch of email addresses it thought would be useful to have set up as domain admins following the migration without checking if the email accounts existed.
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol hijacking and a route leak. The incident occurred last week and affected 300 networks in 70 countries.
Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local...
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also...
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the...
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited...
The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20...