The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.The vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7. Only roughly 7,000 Internet-exposed systems running vulnerable OpenSSL versions out of a total of more than 1,793,000 unique hosts spotted by Censys online […]
Due to the large number of vulnerabilities in software, the continuous stream of cyber attacks and the conflict in Ukraine, the threat situation in cyberspace is higher than ever before, according to the German government in a new management report for 2022. The annual report of the Bundesamt für Sicherheit in der Informationstechnik (BSI), part […]
Fortinet revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via […]
WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android & iOS versions allowing attackers to execute an arbitrary code & Take Full App Control Remotely. So please update your WhatsApp asap!
Hackers are actively exploiting a critical zero-day vulnerability in the WordPress plugin WPGateway & have attacked more than 280,000 sites in the last 30 days, adding malicious admins to the successfully breached sites.
Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. An attacker can exploit the flaw by sending specially crafted messages to the web server […]
A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including geolocation, address, and recordings.
Nearly 8,000 digital wallets have been drained of just over $5.2 million in digital coins including solana’s sol token and USD Coin (USDC), according to blockchain analytics firm Elliptic. Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on solana. The suggestion is that there must have been some […]
A critical vulnerability in Cisco VPN routers makes it possible for attackers to completely take over the remote devices or have them rebooted, causing a denial-of-service, the network manufacturer that released security updates to fix the problem warns. The vulnerability, designated CVE-2022-20842, is present in the web interface of Cisco Small Business RV routers RV340, […]
A vulnerability in crypto bridge Nomad caused during maintenance has resulted in the theft of $190 million worth of cryptocurrencies. Coindesk will let you know. Nomad is a protocol that allows users to exchange tokens between different blockchains. When a user wants to transfer cryptocurrency from one blockchain to another, the bridge puts it in […]