Vulnerabilities – WinCpr.com

Researchers warn of FFDroider and Lightning info-stealers targeting users.

April 11, 2022 by Mark

Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,’” Zscaler ThreatLabz researchers Avinash … Read more

New Java framework zero-day vulnerability allows remote code execution

March 31, 2022 by Mark

A new zero-day vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache … Read more

Google Chrome update fixes zero-day attacks

March 26, 2022 by Mark

Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild. “Google is aware that an exploit for CVE-2022-1096 exists in the wild,” the browser vendor said in a security advisory published on Friday. The 99.0.4844.84 version is already rolling out worldwide in the Stable Desktop channel, … Read more