Vulnerabilities & Exploits

PyRoMineIoT malware infects systems with a Monero miner, spreads using RCE EternalRomance by removing or modifying accounts and passwords with privileged access, and scans for vulnerable Internet of Things devices for possible future attacks.

A vulnerability found in websites’ cache infrastructure and content delivery networks can be used to spread malware, and an API vulnerability in Mozilla Firefox can be used to have partial control via plug-ins for a DDoS attack.

Server keys can be exposed due to proxy vulnerabilities in a popular development software program, making them prone to attacks and theft of sensitive information.

Vulnerabilities in the popular open-source management software Git could be abused to trawl contents of a repository memory and execute a code with a malicious hook.

Researchers reported that a bug in the Comcast website revealed a customer’s full address, Wi-Fi name and password, simply by entering the customer ID and a part of the subscription address.

A researcher found MEWKit targeting MyEtherWallet users in a phishing campaign, draining online wallets unnoticed through an automated transfer system, as well as getting their login and exchange credentials.

Researchers found an online demonstration tool that can be exploited to get highly accurate real time location data of unsuspecting users.

Researchers found an ongoing campaign targeting an EOL server to mine Electroneum cryptocurrency.

Attackers can extract messages from encrypted emails using the eFail attack, which exploits known vulnerabilities. Several of the most widely used email clients are affected.