Month: April 2023

0 Comments
by Paul Ducklin Cybersecurity researchers in Belgium and the US recently published a paper scheduled for presentation later this year at the USENIX 2023 conference. The three co-authors couldn’t resist a punning title, dubbing their attack Framing Frames, with a slightly easier-to-follow strapline that says Bypassing Wi-Fi encryption by manipulating transmit queues. As security researchers
0 Comments
A new vulnerability has been discovered in Microsoft’s Azure Service Fabric Explorer (SFX) that would enable unauthenticated, remote threat actors to execute code on a container hosted on a Service Fabric node. Dubbed Super FabriXss by the Orca Security team, the cross-site scripting (XSS) flaw (CVE-2023-23383) has a CVSS score of 8.2 and affects SFX version 9.1.1436.9590 or
0 Comments
Apr 01, 2023Ravie LakshmananCyber Attack / Vulnerability Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in
0 Comments
A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including
0 Comments
Apr 01, 2023Ravie LakshmananAzure / Active Directory Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several “high-impact” applications to unauthorized access. “One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but