QNAP NAS Critical Vulnerability Let Attacker Inject Arbitrary Code

Updates for QNAP’s network-attached storage (NAS) systems have been released to address a critical security flaw that might allow arbitrary code injection. Customers of QNAP are being advised to update their QTS and QuTS firmware in order to fix a critical security flaw. The security flaw is tracked as (CVE-2022-27596) and rated as “Critical” (CVSS […]

The post <strong>QNAP NAS Critical Vulnerability Let Attacker Inject Arbitrary Code</strong> appeared first on Cyber Security News.

Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

The lack of rate-limiting in Instagram was discovered by Gtm Mänôz, a security researcher from Kathmandu, Nepal.  This flaw could have allowed an attacker to bypass Facebook’s two-factor authentication by validating the targeted user’s…

Warning! Apple Fixes Actively Exploited iOS Zero-Day on iPhones & iPads

In an effort to ensure the safety and security of its customers, Apple has taken the necessary steps to address a potentially dangerous vulnerability that has been marked as “Zero-Day” by releasing updates for older iPhone and iPad models. The vulnerability, tracked as CVE-2022-42856, originates from a type confusion weakness within the Webkit web browser […]

The post Warning! Apple Fixes Actively Exploited iOS Zero-Day on iPhones & iPads appeared first on Cyber Security News.

Hackers Using Sliver Framework as an Alternative to Cobalt Strike & Metasploit

Silver is an open-source command-and-control framework that is becoming increasingly popular among malicious actors at current attacks. As threat actors are opting for this option since it offers a viable alternative to commercial tools such as:- Desig…

Chinese Hackers Exploit FortiOS Zero-Day Vulnerability to Deploy New Malware

Mandiant recently reported that a group of hackers originating from China utilized a vulnerability within FortiOS SSL-VPN that had only recently been discovered, and marked as a zero-day exploit, in December.  The hackers targeted both a governmen…

Cisco Unified CM SQL Injection Flaw Let Attackers Execute Crafted SQL Queries

Cisco released fixes for Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition to address high-severity SQL injection vulnerability. “An attacker could exploit this vulnerability by authenticating to the appl…