The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
A pair of critical vulnerabilities have been found in the popular MyBB forum/bulletin software, which an unprivileged remote attacker can exploit to achieve RCE on targeted sites.

https://thehackernews.com/2021/03/critical-rce-flaw-reported-in-mybb.html
MyBB v1.8.26 released to patch reported issues. Update Now!
A new 'unpatched bug' in Zoom's screen-sharing feature could let other attendees in calls access restricted applications and leak sensitive information.

Read more: https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html
Watch Out—Hackers are leveraging trojanized Xcode projects in a newly spotted supply-chain attack to compromise macOS systems belonging to Apple platform developers with a backdoor.

Read: https://thehackernews.com/2021/03/hackers-infecting-apple-app-developers.html
U.S. Department of Justice announces updates on 2 separate hacking cases:

—a Swiss hacktivist charged for theft and fraud.
—a Russian who planned to plant ransomware in the Tesla company pleads guilty.
Details: https://thehackernews.com/2021/03/tesla-ransomware-hacker-pledges-guilty.html
A critical vulnerability (CVE-2021-22986 / CVSS score: 9.8) affecting F5's BIG-IP and BIG-IQ products is UNDER ACTIVE ATTACKS after a PoC exploit was posted online.

Read details: https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html
A high severity RCE vulnerability (CVE-2021-26295) has been found in Apache OFBiz that could let unauthenticated, remote hackers seize control of the enterprise resource planning (ERP) systems.

Read details: https://thehackernews.com/2021/03/critical-rce-vulnerability-found-in.html

A patched version has now been released. Update your software immediately.
Several critical vulnerabilities have been discovered in popular remote teaching and student monitoring software Netop Vision Pro that attackers could abuse to execute arbitrary code and take over students' computers.

Read details: https://thehackernews.com/2021/03/popular-netops-remote-learning-software.html
🔥 BEWARE! Google warns of a newly discovered 0-day vulnerability affecting Android devices with Qualcomm chipsets that is being used by hackers to launch targeted attacks.

Read details: https://thehackernews.com/2021/03/warning-new-android-zero-day.html
CISA warns of newly disclosed critical security vulnerabilities in GE's Universal Relay (UR) family of power management devices that pose a threat to the security of IEC Electrical Utilities.

Read: https://thehackernews.com/2021/03/critical-flaws-affecting-ges-universal.html
Purple Fox rootkit malware gains wormable capabilities to spread itself to other Windows computers.

Details: https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
Facebook has smashed a network of hackers from China who used its social media platform to hack the Uyghur Muslims living abroad by tricking them into downloading malware designed to spy on their computers and smartphones.

Read details: https://thehackernews.com/2021/03/chinese-hackers-used-facebook-to-hack.html
WATCH OUT! Cisco Jabber messaging software for Windows, macOS, Android, and iOS contains critical vulnerabilities that could allow hackers to hijack your devices remotely.

Details on this, patches and 37 other Cisco advisories: https://thehackernews.com/2021/03/critical-cisco-jabber-bug-could-let.html
Warning — SolarWinds Orion Platform has been found vulnerable to a new critical remote code execution (RCE) vulnerability via JSON deserialization.

Read: https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html
Patches have been released for this and 3 other vulnerabilities.
#infosec #cybersecurity
OpenSSL has released security patches for 2 new high-severity vulnerabilities that could be exploited to perform DoS attacks (CVE-2021-3449) and bypass certificate verification (CVE-2021-3450).

Read details — https://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html
🔥 Apple yesterday released an URGENT PATCH UPDATE for all of its devices running iOS, iPadOS, macOS, and watchOS to fix another WebKit zero-day vulnerability (CVE-2021-1879) that is being exploited in the wild.

Details: https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html
⚠️ Attention — This Android system update notification can install powerful spyware on your device, capable of stealing a massive amount of information, from browser searches to audio and phone call recording.

Read: https://thehackernews.com/2021/03/watch-out-that-android-system-update.html
🔥 ATTENTION — Someone hacked PHP's git server and pushed two new updates to insert a secret RCE backdoor into its source code.

Read more about this latest supply-chain cyberattack on the widely used #programming language: https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
A set of new vulnerabilities in Linux-based operating systems could allow attackers to bypass mitigations for speculative attacks like Spectre and obtain sensitive information from kernel memory.

Read details: https://thehackernews.com/2021/03/new-bugs-could-let-hackers-bypass.html
🔥 MobiKwik, India's popular mobile payment service, suffered a major security breach in which the identity and payment details of over 3.5 million users—including KYC documents (8.2 TB)—were stolen by an unknown hacker.

Details: https://thehackernews.com/2021/03/mobikwik-suffers-major-breach-kyc-data.html