Multiple Vendor Vulnerabilities Reported on Lenovo Products
Multiple Vendor Vulnerabilities Reported on Lenovo Products
  • Alert & Advisory
  • September 22, 2022

According to Lenovo, multiple vulnerabilities have been discovered in Lenovo products. These high-severity vulnerabilities could allow an authenticated local attacker to circumvent security restrictions, gain elevated privileges, execute arbitrary code on the targeted system, gain sensitive information, and exploit this vulnerability by also sending a specially crafted request to the targeted user.

Multiple Vulnerabilities Reported in Zoom
Multiple Vulnerabilities Reported in Zoom
  • Alert & Advisory
  • September 21, 2022

Zoom Products have been found to have a number of flaws by the Indian Computer Emergency Response Team (CERT-In). A remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.

Beware of Malicious Web Browser Extensions
Beware of Malicious Web Browser Extensions
  • Alert & Advisory
  • September 13, 2022

In the first half of 2022, there was an increase in attempted downloads of malicious web browser extensions. These malicious extensions promise to speed up your browser but instead steal your data by redirecting users to phishing sites and inserting affiliate IDs into eCommerce site cookies. The investigation uncovered five (5) extensions with a total install base of over 1,400,000 and varying degrees of malicious capability.

SharkBot Malware Infiltrates Google Play Store
SharkBot Malware Infiltrates Google Play Store
  • Alert & Advisory
  • September 5, 2022

A new and improved variant of the SharkBot malware has been discovered in the form of a device optimization and antivirus app on the Google Play Store. This malware is said to be targeting Android users' banking logins via apps with tens of thousands of installations.

WordPress Websites Compromised With Fake DDoS Protection Page
WordPress Websites Compromised With Fake DDoS Protection Page
  • Alert & Advisory
  • August 23, 2022

Threat actors are targeting WordPress-powered websites by injecting a malicious Javascript payload that displays a bogus CloudFare DDoS (Distributed Denial of Service) protection page. Because such DDoS checks have become the norm while browsing the web, unsuspecting internet users will be duped into believing it is genuine, and will be infected with a RAT (Remote Access Trojan) and Information-Stealer as a result.

Related Articles