People attempting to visit websites hosted on the Belnet network were not able to reach them and were displayed error messages. The websites of the Belgium government and police services were also unavailable.
A latest 5report shared with The Hacker News detailed how the BeVigil search engine identified over 40 apps - with more than a cumulative 100 million downloads - that had hardcoded private Amazon Web Services (AWS) keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks.
The new security patch 2021-05-01 fixes three main critical flaws which were identified in the System component. All these three security breaches could be exploited to run arbitrary code on a vulnerable Android device.
Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer’s BIOS and hardware.
A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday’s release of version 14.5.1 also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.
Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies.
The Python standard library ipaddress also suffers from the critical IP address validation vulnerability identical to the flaw that was reported in the "netmask" library earlier this year.
A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks.
Heads up, Android users! If you receive an SMS about a package delivery with a link, double-check it for authenticity before clicking on it. A new Android banking trojan identified as FluBot is actively targeting users via such SMS phishing campaigns.
New malware is in the wild targeting Linux systems. Researchers have identified this malware as ‘RotaJakiro’, a Linux backdoor that steals data from devices. This malware, despite active campaigns for the past three years, managed to escape detection.
Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.
Google has revealed Chrome 90 has adopted a new Windows 10 security feature called "Hardware-enforced Stack Protection" to protect the memory stack from attackers.
Researchers from cybersecurity firm Sophos have reported that the use of Transport Layer Security (TLS) encrypted communications by malware has doubled in a year. The TLS protocol allows cybercriminals to privately share information between a C2 server and a website, shielding them from security systems.
At the beginning of March, Microsoft discovered some zero-day vulnerabilities in its Exchange Servers were actively exploited by a hacking group known as Hafnium. Since then, a large number of attackers, including state-sponsored hackers, started exploiting these vulnerabilities in the wild. Recently, attackers were observed exploiting this vulnerability for mining cryptocurrency.