ESET Security Products for Windows Vulnerable to Privilege Escalation
ESET, a leading cybersecurity company, recently addressed a local privilege escalation vulnerability in its Windows security products. The Zero Day Initiative (ZDI) reported the vulnerability to ESET. It could have allowed attackers to misuse ESET’s file operations during a restore operation from
VLC Media Player Vulnerabilities Allow Remote Code Execution
VideoLAN, the organization behind the popular VLC Media Player, has disclosed multiple critical vulnerabilities that could allow attackers to execute arbitrary code remotely. These vulnerabilities affect both the desktop and iOS versions of the software. The security advisories, identified as SB-VLC3021 and SB-VLC-iOS359,
Threat Actor Claiming of Israel’s Government API Database
A threat actor has claimed responsibility for breaching Israel’s government API database. The announcement was made via a post on social media X by the darkwebinformer. Details of the Breach According to the post, the threat actor claims to have
Life360 Breach: Hackers Accessed the Tile Customer Support Platform
Life360, a company known for its family safety services, recently fell victim to a criminal extortion attempt. The company received emails from an unknown actor claiming to possess Tile customer information. Upon receiving these emails, Life360 promptly investigated and detected unauthorized access
Total Fitness Exposes 500k Images of Members & Staff
Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing 474,651 images belonging to Total Fitness, a health club chain with 15 locations across North England and Wales. The database, which was 47.7 GB in size, included personal screenshots, profile pictures of members
Microsoft Unveils Ways To Detect Compromised Devices In Your Organization
Microsoft has announced a new way to spot potentially hacked machines in your organization. Analysts may now easily identify, examine, and search for suspicious interactive processes running on “hidden desktops” using Defender for Endpoint’s “DesktopName” field. These days, remote desktop protocol
Hackers Using Weaponized Word Documents In QR Code Phishing Attacks
Hackers often abuse weaponized Word docs, as they can contain macros that contain or exploit flaws inside those Word files to run destructive code upon being opened by the intended victims. It enables an attacker to employ this tool to
New Security Vulnerability Let Attackers Microsoft Corporate Email Accounts
A newly discovered security vulnerability allows attackers to impersonate Microsoft corporate email accounts, significantly increasing the risk of phishing attacks. Security researcher Vsevolod Kokorin, also known as Slonser, found this bug, which Microsoft has not yet patched. Kokorin revealed the
Hackers Can Crack Down 59% Of Passwords Within A Hour
Researchers analyzed real-world passwords leaked on the dark web instead of artificial ones used in labs, as their findings showed that a worrying 59% of these passwords could be cracked within an hour using just a modern graphics card and
Fortinet to Acquire AI-Powered Cloud Security Platform Lacework
Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, has announced its acquisition of Lacework, an AI-powered cloud-native application protection platform (CNAPP). This strategic move aims to enhance Fortinet’s already comprehensive cybersecurity platform by integrating Lacework’s advanced cloud