18 Jan Illegal Solaris darknet market hijacked by competitor KrakenSolaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named ‘Kraken,’ who claims to have hacked it on January 13, 2022. […]
18 Jan Avast releases free BianLian ransomware decryptorSecurity software company Avast has released a free decrypter for the BianLian ransomware strain to help victims of the malware restore their files without paying a ransom. […]
17 Jan Git patches two critical remote code execution security flawsGit has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. […]
17 Jan Hackers turn to Google search ads to push info-stealing malwareHackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. […]
17 Jan Hackers can use GitHub Codespaces to host and deliver malwareGitHub Codespaces, a cloud-hosted integrated development environment (IDE), has a port forwarding feature that malicious actors can abuse to host and distribute malware to unaware developers. […]
17 Jan Over 4,000 Sophos Firewall devices vulnerable to RCE attacksOver 4,000 Sophos Firewall devices exposed to Internet access are vulnerable to attacks targeting a critical remote code execution (RCE) vulnerability. […]
16 Jan Researchers to release PoC exploit for critical Zoho RCE bug, patch nowProof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. […]
16 Jan MSI accidentally breaks Secure Boot for hundreds of motherboardsOver 290 MSI motherboards are reportedly affected by an insecure default UEFI Secure Boot setting settings that allows any operating system image to run regardless of whether it has a wrong or missing signature. […]
16 Jan Vice Society ransomware leaks University of Duisburg-Essen’s dataThe Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack that forced the University of Duisburg-Essen (UDE) to reconstruct its IT infrastructure, a process that’s still ongoing. […]
16 Jan Datadog rotates RPM signing key exposed in CircleCI hackCloud security firm Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during a recent CircleCI security breach. […]