Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices,

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild.
The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously.
Tracked as CVE-2022-22675,

,

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild.
The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously.
Tracked as CVE-2022-22675,

, ,
https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework,

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system.
Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users

,

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system.
Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users

, ,
https://thehackernews.com/2022/03/security-patch-releases-for-critical.html

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds,

Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery.
The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug

,

Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery.
The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug

, ,
https://thehackernews.com/2022/03/bugs-in-wyze-cams-could-let-attackers.html

New Python-based Ransomware Targeting JupyterLab Web Notebooks

New Python-based Ransomware Targeting JupyterLab Web Notebooks,

Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser.
« The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the

,

Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser.
« The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the

, ,
https://thehackernews.com/2022/03/new-python-based-ransomware-targeting.html

Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks

Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks

,

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social

,

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social

, ,
https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security,

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account.
According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another

,

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account.
According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another

, ,
https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices,

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.
« An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS, » the company said in an advisory published on March 29, 2022. « If exploited, the vulnerability allows

,

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.
« An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS, » the company said in an advisory published on March 29, 2022. « If exploited, the vulnerability allows

, ,
https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread,

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets.
« Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens, » Morphisec malware researcher Arnold Osipov said in a report

,

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets.
« Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens, » Morphisec malware researcher Arnold Osipov said in a report

, ,
https://thehackernews.com/2022/03/researchers-expose-mars-stealer-malware.html

Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles,

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack.
The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured

,

A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack.
The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured

, ,
https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html

Improve Your Hacking Skills with 9 Python Courses for Just $39

Improve Your Hacking Skills with 9 Python Courses for Just $39,

For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the “soft” side of cybersecurity — like scraping the web for compromised data and detecting bugs. 
Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you

,

For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the “soft” side of cybersecurity — like scraping the web for compromised data and detecting bugs. 
Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you

, ,
https://thehackernews.com/2022/03/improve-your-hacking-skills-with-9.html