Security researchers at Trend Micro have discovered a new campaign which utilizes developers as a means to spread the XCSSET suite of malware to unsuspecting Mac users. XCSSET is a new Mac malware strain that is capable of hijacking Apple’s Safari web browser and injecting malicious JavaScript payloads that can steal passwords, financial data and personal information. While cybercriminals …
Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile.These vulnerabilities have the following identifiers: CVE-2020-8208 CVE-2020-8209 CVE-2020-8210 CVE-2020-8211 CVE-2020-8212 The following versions of Citrix Endpoint Management (CEM) are affected by critical severity vulnerabilities: XenMobile Server 10.12 before RP2 XenMobile Server 10.11 before RP4 XenMobile Server 10.10 before RP6 XenMobile Server before 10.9 RP5 Users affected by these critical severity vulnerabilities are strongly recommended to …
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page via the link provided; https://tools.cisco.com/security/center/publicationListing.x Below are Critical Cisco Vulnerabilities with the relevant links to give a …
An use-after-free memory vulnerability exists in the BIG-IP Edge Client Windows ActiveX component. This vulnerability allows an attacker to trigger memory corruption to the browser or execute code from the browser when the attacker crafts a malicious webpage and loads it into the Internet Explorer browser by BIG-IP Edge Client users. To determine if your …
GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. The impact of this results in an authenticated, local attacker being able to modify the contents of the GRUB2 configuration file to execute arbitrary code that bypasses signature verification. This could …
The United States Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC); are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to …