Vulnerabilities

Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability

by

The flaw was disclosed to TP-Link in January 2023, with TP-Link releasing a fix last month in a new firmware update. The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms. Researchers first abused the flaw during the Pwn2Own Toronto hacking event in … Read more

First publicly known malware BlackLotus capable of bypassing (UEFI) Secure Boot in the wild

by

BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot. A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. “This bootkit can run even on fully up-to-date Windows 11 systems with UEFI … Read more

Apple Warns of 3 New Vulnerabilities

by

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional … Read more