Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability


Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that’s known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another […]

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices


Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, […]

A New APT Hacker Group Spying On Hotels and Governments Worldwide


A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, […]

Singapore Businesses Struggling to Cope with Network and Ransomware Attacks


Read Aloud While Singapore is accelerating its digital transformation capabilities, cybersecurity standards remain a severe concern for organizations in the country. New research from Barracuda Networks revealed that network and ransomware attacks have become a challenge for organizations in Singapore, as most of them are falling victim to serious security repercussions. In its State of […]

Numando Banking Trojan Abuses YouTube, Pastebin and other Public Platforms


Read Aloud ESET Research spotted a banking Trojan Numando, as part of a series on Malware in Latin America. Numando, like its other malware families, uses fake overlay windows, backdoor functionality, and abuse of public services such as YouTube and Pastebin to store its remote configuration. This threat actor has been reported to be active […]

Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses


A new as-yet unpatched weakness in Apple’s iCloud Private Relay feature could be circumvented to leak users’ true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop […]

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows


Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. “Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in […]

Personal Data of 106 Mn Visitors to Thailand Left Exposed Online


Read Aloud Thailand is one of the popular tourist destinations with a large number of visitors from across the world. While the country is looking forward to welcoming tourists post-pandemic, a recent data breach incident has left a bitter experience among millions of travelers who visited Thailand in the last 10 years. Bob Diachenko, cybersecurity […]

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software


Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows – CVE-2021-34770 (CVSS […]