Attackers are using a "fileless" malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.
Apple released security updates that fix vulnerabilities in iOS, iPadOS, Safari, tvOS and other products.
A cyber attack group dubbed "Tortoiseshell" has deployed a fake website posing as a site to help U.S. military veterans find jobs. The website is then used to download malware to visitors' systems.
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.
Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.
Atlassian has issued a security update for Jira Service Desk Server and Jira Service Desk Data Center. The update includes a fix for a critical URL path traversal vulnerability CVE-2019-14994 that could allow information disclosure.
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 18.104.22.168, which allows the deletion of any server in the Setup page.
VMware issued a security advisory for two vulnerabilities that impact multiple VMware products. The vulnerability severity ranges from a CVSS v3 base score of 4.7 to 8.5.
A new ransomware dubbed TFlower has been targeting corporate environments via exposed remote desktop services (RDS).
Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.