380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access. orginal source link
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. orginal source link
iPhones Vulnerable to Attack Even When Turned Off
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware. orginal source link
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service
An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. orginal source link
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses. orginal source link
Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges. orginal source link
Security Turbulence in the Cloud: Survey Says…
Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. orginal source link
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. orginal source link
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. orginal source link
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today’s modern cloud-dependent infrastructures. orginal source link
CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2
CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2 Severity Critical Vendor Spring by VMware Versions Affected Description Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a…
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. orginal source link
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Exploring what’s next for public-cloud security, including top risks and how to implement better risk management. orginal source link
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage. orginal source…
‘CatalanGate’ Spyware Infections Tied to NSO Group
Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. orginal source link
Cyberattackers Put the Pedal to the Medal: Podcast
Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. orginal source…
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims. orginal source link
Feds Shut Down RaidForums Hacking Marketplace
The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. orginal source link
CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability
CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability Severity Low Vendor Spring by VMware Versions Affected Description In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions,…
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. orginal source link
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. orginal source link
MacOS Malware: Myth vs. Truth – Podcast
Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it. orginal source…
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages. orginal source link
Authorities Fully Behead Hydra Dark Marketplace
The popular underground market traded in drugs, stolen data, forged documents and more — raking in billions in Bitcoin. orginal source link
Apple Rushes Out Patches for 0-Days in MacOS, iOS
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. orginal source link
MAINPIPE