Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first t

Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.The company warned on Thursday that its Product Security Incident Response Team (PSIRT) is "aware that proof-of-concept exploit code is available" and that the "vulnerabil

On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.A team from ​​Qr

Recently, a Go-based botnet, Zerobot, was seen spreading in the wild. It took advantage of nearly two dozen different security vulnerabilities found in IoT devices and other software. The malware infects devices with a DDoS botnet, which launches powerful attacks against specified targets.The campaign allegedly began after November 18, and primarily singles

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co

Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.Google TAG was made aware of this recent attack on October 31 when multiple VirusTotal submitters from South Korea uploaded a

A new Go-based malware named ‘Zerobot’ has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.The purpose of the malware is to add compromised devices to a distributed denial-of-serv

Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. “This botn

On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.The competition organized by Trend Micro’s Zero Day Initiative (ZDI) offers significant prizes for hacking mobile phones, wireless routers, home automation hubs, printers, smart speaker

As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.   This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that ar

Last week, Netgear released hotfixes for a network misconfiguration in Nighthawk RAX30 (AX2400) routers that could allow a remote attacker to gain unrestricted access to services otherwise intended for the local network.The bug existed because the WAN interface of these devices had IPv6 enabled by default, but did not apply for IPv6 traffic access restrictio

The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks.The flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users.In a security advisory published righ

To gain control of infected systems and, likely, to construct a botnet network, a new Go-based malware is targeting Redis servers. The attacks exploited a critical security flaw to plant a hidden backdoor and enable command execution.Redis (Remote Dictionary Server) is an open-source, in-memory data structure store, used by developers as a database, cache, a

Introduction If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, we highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, we wrote about ransomware borrowing these propagation me

Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug