Vulnerable Fortinet FortiOS System Expose VPN’s Credentials

Posted by & filed under Security Alerts.

In a joint alert, CISA and the FBI note nation-state actors are scanning for FortiOS vulnerabilities tracked as CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591 for initial attacks. The alert does not disclose details on the threat actors, but it says the agencies have detected a surge in scanning activities for the vulnerabilities since March. The agencies say the… Read more »

Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers

Posted by & filed under Security Alerts.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.” To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken… Read more »

What is SQL Injection and How to Prevent SQLi Attacks

Posted by & filed under Security Alerts.

First discovered in 1998, SQL injections (SQLi) are still a devastatingly effective attack technique and remain a top database security priority. SQL, or Structured Query Language, is the command-and-control language for relational databases such as Microsoft SQL Server, Oracle, IBM DB2 and MySQL. In modern web development, relational databases are a critical resource on the back end of web applications and… Read more »

VMware fixes bug allowing attackers to steal admin credentials

Posted by & filed under Security Alerts.

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. vRealize Operations is an AI-powered and “self-driving” IT operations management for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution. The vulnerability was discovered and reported to VMware by Positive… Read more »

Critical netmask networking bug impacts thousands of applications

Posted by & filed under Security Alerts.

Popular npm library netmask has a critical networking vulnerability. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend on netmask. The bug… Read more »