Alerts

The Malawi Computer Emergency Response Team warns cisco customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) […]

Malawi CERT advices google services users about a malware that is using the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close

Malawi CERT warns of a zero-day security flaw in Telegram’s mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. Attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files,” a security researcher said in a report. It’s

Malawi CERT warns about a new information stealer targeting Apple macOS systems that’s designed to set up persistence on the infected hosts and act as a spyware. Hackers are using a new Mac malware to launch attacks against both newer Macs running Apple Silicon as well as older Intel-based Macs. Cuckoo, like the MacStealer macOS

Domain slamming is a scam in which the offending domain name registrar attempts to trick domain owners into switching from their existing registrar to theirs, under the pretense that the customer is simply renewing their subscription to their current registrar. Malawi CERT warns about seemingly urgent emails from a ‘Domain Registry in China’, claiming that

The Malawi Computer Emergency Response Team (Malawi CERT)warns about a widespread Facebook phishing campaign stating, “I can’t believe he is gone. I’m gonna miss him so much,” leads unsuspecting users to a website that steals your Facebook credentials. The Facebook phishing posts come in two forms, with one simply stating, “I can’t believe he is

The Malawi Computer Emergency Response Team (Malawi CERT)warns about pirated applications that are targeting Apple macOS users containing a backdoor capable of granting attackers remote control to infected machines.”These applications are being hosted on Chinese pirating websites in order to gain victims,” a Threat Labs researcher said. Once detonated, the malware will download and execute

The Malawi Computer Emergency Response Team (Malawi CERT) warns of an actively exploited vulnerability in the Chrome web browser, tracked as CVE-2023-2033. This vulnerability poses a high-severity risk and has been described as a type confusion issue in the V8 JavaScript engine. The vulnerability could potentially allow cybercriminals to access your vulnerable system. To address

The Malawi Computer Emergency Response Team (Malawi CERT) warns of a vulnerability reported by HP concerning certain LaserJet printer models. The vulnerability, identified as CVE-2023-1707 and assigned a critical severity score of 9.1, could result in the disclosure of sensitive information. It affects specific HP Enterprise LaserJet and HP LaserJet Managed Printers that have IPsec

The Malawi Computer Emergency Response Team (Malawi CERT) cautions against a concerning cybersecurity trend where malicious browser add-on extensions are being used to steal personal data from unsuspecting users. A recent example is the fake ChatGPT-branded Chrome browser extension, identified as a tool used by cybercriminals to hijack Facebook accounts and compromise users’ personal information.