A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

* Check Point Research (CPR) provides under-the-hood details of its analysis of the infamous Azov Ransomware * Investigation shows that Azov is capable of modifying certain 64-bit executables to execute its own code * Azov is designed to inflict impeccable damage to the infected machine it runs on * CPR sees over 17K of Azov-related samples submitted to VirusTotal

On cybercrime forums, user complaints about being duped may accidentally expose their real identities.

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.

A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.

Pulse Connect Secure is a low-cost and widely-deployed SSL VPN solution for remote and mobile users. Over the years, researchers have found several significant vulnerabilities in the server software, some even resulting in the active exploitation of critical infrastructure by malicious threat actors. In April of 2021, CISA released a report detailing some of these activities, which included exploiting several unknown (at the time) vulnerabilities and resulted in swift action from Ivanti, the Pulse Connect Secure software developer.

Shipping information and order details of thousands of customers worldwide were leaked in September 2020. Read more at straitstimes.com.

Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.

MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Since at least 2017 MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.

APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.

Leaked: The Altrnativ world of cybersurveillance About this series: As co-founder of the French search engine Qwant, Eric Leandri was heralded as a champion of digital privacy and an example of Eur…