Vulnerability Summary for the Week of August 1, 2022


@acrontum — filesystem-template   The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. 2022-08-05 not yet calculated CVE-2022-21186CONFIRMCONFIRM Ittiam — libmpeg2   Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. 2022-08-05 not yet calculated CVE-2022-37416MISCMISC […]

Former Twitter Employee Found Guilty of Spying for Saudi Arabia


A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years […]

Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers


The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the […]

Hackers Behind Twilio Breach Also Targeted Cloudflare Employees


Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued […]

The Business of Hackers-for-Hire Threat Actors


Today’s web has made hackers’ tasks remarkably easy. For the most part, hackers don’t even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach […]

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered […]