The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . . Read more
A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging.
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . . Read more
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . . Read more
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this . . . Read more
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application . . . Read more
Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. After a taking closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security . . . Read more
Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW. Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated . . . Read more