IcedID Banking Trojan Wins second place in Check Point research sourcesecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from sourcesecurity.com Daily Mail and Mail on Sunday newspapers.
Forescout researchers teamed up with JSOF to find the flaws and added that these can impact over 100 million consumer, enterprise, and industrial IoT devices worldwide. Millions of IT networks use FreeBSD, including Netflix and Yahoo. Meanwhile, IoT/OT firmware, such as Siemens’ Nucleus NET has been used for decades in critical OT and IoT devices.
If exploited, among the plausible scenarios researchers laid out included exposing government or enterprise servers by accessing sensitive data, such as financial records, intellectual property, or employee/customer information. They could also compromise hospitals by connecting to medical devices to obtain health care data, taking them offline and preventing health care delivery.
Zero-Day Exploit Earns Zoom Hackers $200K pcmag.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from pcmag.com Daily Mail and Mail on Sunday newspapers.
PHP s Git server hacked to add backdoors to PHP source code
By
Yesterday, two malicious commits were pushed to the
php-src Git repository maintained by the PHP team on their
git.php.net server.
The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and Nikita Popov.
RCE backdoor planted on PHP Git server
In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.
The incident is alarming considering PHP remains the server-side programming language to power over 79% of the websites on the Internet.
Get Permission
VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if exploited, could allow attackers to steal administrative credentials.
The platform is designed to offer self-driving IT operations management for private, hybrid and multi-cloud environments in a unified platform powered by artificial intelligence.
VMware issued patches on Tuesday for the flaws CVE-2021-21975, which has a CVSS ranking of 8.6, and CVE-2021-21983, which has a CVSSv3 base score of 7.2.
Egor Dimitrenko of Positive Technologies discovered these vulnerabilities and reported them to VMware.
If the two vulnerabilities are chained together, they could enable an attacker to conduct remote code execution in vRealize Operations, Positive Technologies reports.