25 Dec, 2024

CUPS flaws enable Linux remote code execution, but there’s a catch

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. Tracked as CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters) and discovered by Simone Margaritelli, these security flaws don’t affect systems in their default configuration. CUPS (short for […]

4 mins read

New RomCom malware variant ‘SnipBot’ spotted in data theft attacks

A new variant of the RomCom malware called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. Palo Alto Network’s Unit 42 researchers discovered the new version of the malware after analyzing a DLL module used in SnipBot attacks. The latest SnipBot campaigns appear to target a variety of […]

4 mins read

Kia dealer portal flaw could let attackers hack millions of cars

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect […]

3 mins read

Automattic blocks WP Engine’s access to WordPress resources

WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. The open-source project claims that the move comes in response to WP Engine’s alteration of a WordPress core feature for its own profit and its blocking of […]

4 mins read

Fake WalletConnect app on Google Play steals Android users crypto

A crypto draining app mimicking the legitimate ‘WalletConnect’ project has been distributed over Google Play for five months getting more than 10,000 downloads. The malicious app used the name WallConnect and posed as a lightweight Web3 tool with various blockchain functionalities, offering to act as a proxy between cryptocurrency wallets and decentralized applications (dApps). The real […]

2 mins read

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. The vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) can be exploited by sending specially crafted packets to the PAPI (Aruba’s Access Point management protocol) UDP port […]

2 mins read

Google sees 68% drop in Android memory safety flaws over 5 years

The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. This is well below the 70% previously found in Chromium, making Android an excellent example of how a large project can gradually and methodically move to […]

4 mins read

Winamp releases source code, asks for help modernizing the player

The iconic Winamp media player has fulfilled a promise made in May and released its complete source code on GitHub, inviting developers to collaborate on the project. Winamp is a media player launched in 1997 by Nullsoft, which gained massive popularity in the following years, coinciding with the rise of MP3s music files. The player featured a […]

2 mins read

Palworld for PlayStation 5 Is Out Now

Pocketpair and Nintendo are currently tackling a lawsuit, with Nintendo suing them over patent infringement. While it wasn’t confirmed, it was suspected by many that the reason Pocketpair pulled out of Tokyo Game Show as an exhibitor was due to the lawsuit. Despite this, a brand-new trailer for Palworld was shown today during the PlayStation State of […]

2 mins read

Assassin’s Creed Shadows release date delayed to 2025

Ubisoft is delaying Assassin’s Creed Shadows from its planned November 15th release to February 14th, 2025. After showing off 12 minutes of gameplay in June, it looked like Ubisoft was set to deliver its next Assassin’s Creed installment in the usual holiday period, but now, the publisher says it needs more time to get its new parkour and stealth systems […]

2 mins read