Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

,

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the

, ,
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure,

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
<

,

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
<

, ,
https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw,

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.
Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group has been credited with reporting the flaw on April 13

,

Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild.
Tracked as CVE-2022-1364, the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google’s Threat Analysis Group has been credited with reporting the flaw on April 13

, ,
https://thehackernews.com/2022/04/google-releases-urgent-chrome-update-to.html

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions,

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country.
« There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore

,

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country.
« There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore

, ,
https://thehackernews.com/2022/04/ethereum-developer-jailed-63-months-for.html

Rarible NFT Marketplace Flaw Could’ve Let Attackers Hijack Crypto Wallets

Rarible NFT Marketplace Flaw Could’ve Let Attackers Hijack Crypto Wallets

,

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets.

« By luring victims to click on a malicious NFT, an attacker can take full control of the victim’s crypto wallet to steal funds, » Check Point researchers Roman Zaikin, Dikla

,

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets.

« By luring victims to click on a malicious NFT, an attacker can take full control of the victim’s crypto wallet to steal funds, » Check Point researchers Roman Zaikin, Dikla

, ,
https://thehackernews.com/2022/04/rarible-nft-marketplace-flaw-couldve.html

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt,

A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month.
« This botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code, » Fortinet

,

A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month.
« This botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code, » Fortinet

, ,
https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html

Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation

Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation,

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts.
« ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a

,

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts.
« ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a

, ,
https://thehackernews.com/2022/04/microsoft-disrupts-zloader-cybercrime.html

Comment les hackers de l’armée russe se sont attaqués au réseau électrique ukrainien

Comment les hackers de l’armée russe se sont attaqués au réseau électrique ukrainien,

Les créateurs d’Industroyer ont repris du service, cinq ans après avoir provoqué un black-out dans la capitale de l’Ukraine.

,

Les créateurs d’Industroyer ont repris du service, cinq ans après avoir provoqué un black-out dans la capitale de l’Ukraine.

, ,
https://www.01net.com/actualites/comment-les-hackers-de-l-armee-russe-se-sont-attaques-au-reseau-electrique-ukrainien-2055889.html

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware,

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
« The APT actors have developed custom-made tools for targeting ICS/SCADA devices, » multiple U.S. agencies said in an alert. « The tools enable them to scan for, compromise, and control

,

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
« The APT actors have developed custom-made tools for targeting ICS/SCADA devices, » multiple U.S. agencies said in an alert. « The tools enable them to scan for, compromise, and control

, ,
https://thehackernews.com/2022/04/us-warns-of-apt-hackers-targeting.html

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild,

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild.
Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The

,

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild.
Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The

, ,
https://thehackernews.com/2022/04/vmware-releases-patches-for-critical.html