Vulnerability summary for the week: April 24, 2020
Weekly vulnerability digest.
Cybersecurity News - Page 372
NSA, ASD issue a guidance for mitigating web shell malware
The report includes a list of web application vulnerabilities that are commonly exploited to install malware.
A 35,000-device Monero-mining botnet spread via infected USB drives
The researchers were able to sinkhole several C&C domains so that they could monitor the botnet’s activity.
Tag Barnacle group using hacked Revive ad servers to distribute malicious ads
The hackers are targeting Revive installations by injecting an obfuscated Javascript payload that gives them the ability to hijack and display their own ads.
Vietnam-linked hackers target Chinese organizations in charge of COVID-19 response
APT32 has been conducting a spearphishing campaign against Chinese targets in an attempt to collect information about coronavirus.
Zero-day in iOS allows to hack iPhones and iPads just by sending emails
The bugs have been exploited in the wild since at least 2018.
Hackers are using breached Nintendo accounts to buy Fortnite game currency
Nintendo recommends users to enable two-step verification for their Nintendo account.
RCE exploit released for dangerous flaws in IBM Data Risk Manager, IBM is working on a fix
Three separate flaws could be chained to achieve unauthenticated remote code execution as root on vulnerable systems.
Researchers found a way to turn almost every antivirus software into self-destructive tools
Almost all antivirus tools run with high privileges on the system, and threat actors can use this to their advantage.
Threat actors target oil, gas companies with Agent Tesla spyware
This is the first time when Agent Tesla has been deployed as part of attacks targeting the oil & gas industries.
Showing elements 3711 - 3720