WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide. Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy to hack into the computer networks of the Ukrainian government and its allies and steal or destroy sensitive data on behalf of the Kremlin. The i...
Published: 2024-09-05T20:54:19
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10. Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which can be targeted as an initial point of entry int...
Published: 2024-09-04T18:57:46
Sophisticated attack breaks security assurances of the most popular FIDO key. The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to ...
Published: 2024-09-03T17:58:06
Mayor said data was unusable to criminals; researcher proved otherwise. A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by ...
Published: 2024-08-30T20:00:41
Findings undercut pledges of NSO Group and Intellexa that their wares won't be abused. Critics of spyware and exploit sellers have long warned that the advanced hacking sold by commercial surveillance vendors (CSVs) represents a worldwide danger because they inevitably find their way into the hands of malicious parties, even when th...
Published: 2024-08-29T21:05:06
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and ot...
Published: 2024-08-28T21:25:04
India's Infosys recruits reportedly subjected to repeated unpaid "pre-training." Indian IT firm Infosys has been accused of being “exploitative” after allegedly sending job offers to thousands of engineering graduates but still not onboarding any of them after as long as two years. The recent graduates have reportedly been tol...
Published: 2024-08-27T21:29:48
Telegram has quietly removed language from its FAQ page saying private chats were protected and that “we do not process any requests related to them.” The change comes nearly two weeks after its CEO, Pavel Durov, was arrested in France for ...
Published: 2024-09-05T23:24:54
Security researchers have detected a vulnerability in YubiKey two-factor authentication tokens that enables attackers to clone the device according to a new security advisory. The vulnerability was discovered within the Infineon cryptograph...
Published: 2024-09-04T07:49:08
Last month, it was discovered that an inactive piece of software that ships on all Google Pixel smartphones presented a potential security vulnerability for device owners. The company quickly said it would remove “Showcase.apk,” which was c...
Published: 2024-09-03T15:55:06
Scammers will then instruct their victims to take out a large sum of cash and deposit it into a Bitcoin ATM which the FTC says scammers may call “safety lockers” to keep their funds secure. Once at the Bitcoin ATM, scammers will send thei...
Published: 2024-09-03T14:30:24
A senior CrowdStrike executive will testify before the House Homeland Security Committee next month about the IT outage that grounded planes and workplaces to a halt globally on July 19th. Adam Meyers, CrowdStrike’s senior vice president o...
Published: 2024-08-30T12:46:06
A Kansas man was sentenced to 24 years in prison after pouring $47.1 million into a pig butchering scam using money from the bank he was in charge of. Shan Hanes, the former CEO of the small Heartland Tri-State Bank, pleaded guilty to emb...
Published: 2024-08-23T12:08:26
Microsoft is hosting an important summit on Windows security at its Redmond, Washington, headquarters next month. The Windows Endpoint Security Ecosystem Summit on September 10th will bring together Microsoft engineers and vendors like Crow...
Published: 2024-08-23T11:00:00
Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...]
Published: 2024-09-06T15:49:08
American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]
Published: 2024-09-06T14:04:32
A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. [...]
Published: 2024-09-06T11:17:29
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. [...]
Published: 2024-09-06T09:20:11
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...]
Published: 2024-09-05T17:33:32
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (als
Published: 2024-09-05T13:59:31
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...]
Published: 2024-09-05T05:15:20
Adrian McCabe, Ryan Tomcik, Stephen Clement. Introduction: Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to d
Published: 2024-08-29T14:00:00
An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in...
Published: 2024-09-03T15:45:49
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California poli...
Published: 2024-08-28T23:55:17
White House floats round two of regulations. Feature: It sounds like the start of a bad joke: Digital trespassers from China, Russia, and Iran break into US water systems.
Published: 2024-09-07T12:33:09
Not so much when trying to convert coding veterans. Google recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language and wants you to do the same, assuming you deal with firmware.
Published: 2024-09-06T21:44:14
The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June. Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking giant's online store selling Cisco-branded merch.
Published: 2024-09-06T20:00:06
When maintenance windows are hard to open, a little lubrication helps. On Call: The Register understands consuming alcohol is quite a popular way to wind down from the working week, but each Friday we get the party started early with a new and sober instalment of On Call, the reader contributed column in which you share stories about the emotional hangovers you've earned delivering tech support.
Published: 2024-09-06T07:28:05
Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info. The US Department of Homeland Security is seeking help to assess the security of tech at maritime ports, to safeguard the 13 million jobs and $649 billion of economic activity generated by the nation's docks.
Published: 2024-09-05T23:51:46
Now do your patriotic duty and fill one of those 500k open roles, please? The White House has unveiled a new strategy to fill some of the hundreds of thousands of critical cybersecurity vacancies across the US: Pitch cyber as a national service.
Published: 2024-09-05T22:04:05
Feds post $10M bounty for each of the six's whereabouts. The US today charged five Russian military intelligence officers and one civilian for their alleged involvement with the data-wiping WhisperGate campaign conducted against Ukraine in January 2022 before the ground invasion began.
Published: 2024-09-05T19:44:28
Two critical holes including hardcoded admin credential. If you're running Cisco's supposedly Smart Licensing Utility, there are two flaws you ought to patch right now.
Published: 2024-09-05T18:15:08
Are you prepared for the day that quantum computing breaks today's encryption? Sponsored Feature: The internet is all about transparency and openness - connecting people and information, shoppers and vendors, or businesses. But it's also all about security and trust.
Published: 2024-09-05T15:08:11
Good news? Security is still getting a growing part of IT budget. It looks like security budgets are coming up against belt-tightening policies, with chief security officers reporting budgets rising more slowly than ever and over a third saying their spending this year will be flat or even reduced.
Published: 2024-09-05T14:34:10
Network admins take a ride on the Fright Bus. The Transport for London (TfL) "cyber incident" is heading into its third day amid claims that a popular appliance might have been the gateway for criminals to gain access to the organization's network.
Published: 2024-09-05T10:00:11
Allowed access to 150K cameras, some in sensitive spots, but has been done for spamming. Physical security biz Verkada has agreed to cough up $2.95 million following an investigation by the US Federal Trade Commission (FTC) but the payment won't make good its past security failings, including a blunder that led to CCTV footage being snooped on by miscreants. Instead, the fine is about spam.
Published: 2024-09-05T04:28:07
Russia has seemingly decided who it wants Putin the Oval Office. The Biden administration on Wednesday seized 32 websites and charged two employees of a state-owned media outlet connected to a $10 million scheme to distribute pro-Kremlin propaganda, and claimed the actions were necessary to counter Russia's attempts to influence the upcoming US presidential election.
Published: 2024-09-05T02:27:11
Feds warn of 'highly tailored, difficult-to-detect social engineering campaigns'. The FBI has warned that North Korean operatives are plotting "complex and elaborate" social engineering attacks against employees of decentralized finance (DeFi) organizations, as part of ongoing efforts to steal cryptocurrency.
Published: 2024-09-05T01:17:42
Big Blue also shifts to Prisma SASE to secure its 250,000 workforce. Palo Alto Networks has completed its purchase of IBM's QRadar SaaS offering, spending $500 million to buy up the service's customers and hopefully shift them into its own Cortex platform.
Published: 2024-09-04T22:15:15
Loads of governance issues to worry about, and the chance it might spout utter garbage. Microsoft has published a Transparency Note for Copilot for Microsoft 365, warning enterprises to ensure user access rights are correctly managed before rolling out the technology.
Published: 2024-09-04T21:15:12
93GB of info feared pilfered in Montana by heartless crooks. Planned Parenthood of Montana's chief exec says the org is responding to a cyber-attack on its systems, and has drafted in federal law enforcement and infosec professionals to help investigate and rebuild its IT environment.
Published: 2024-09-04T20:33:53
Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials. The Cicada3301 ransomware, which has claimed at least 20 victims since it was spotted in June, shares "striking similarities" with the notorious BlackCat ransomware, according to security researchers at Israeli endpoint security outfit Morphisec.
Published: 2024-09-04T14:29:06
Unclear if this is a sign controversial service is cleaning up its act everywhere. Controversial social network Telegram has co-operated with South Korean authorities and taken down 25 videos depicting sex crimes.
Published: 2024-09-04T04:28:14
Bagging two posh properties, three luxury cars on a govt salary a bit of a giveaway allegedly. The US Department of Justice has accused a now-former senior official of the New York State government of illegally advancing the interests of the Chinese government and communist party.
Published: 2024-09-04T00:53:37
Better late than never. The White House on Tuesday indicated it hopes to shore up the weak security of internet routing, specifically the Border Gateway Protocol (BGP).
Published: 2024-09-03T22:34:09
Crew bragged they could help crooks raid victims' bank accounts. Updated: A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years.
Published: 2024-09-03T21:30:07
No, Abbey is not really a "pure patriotic girl". Spamouflage, the Beijing-linked trolls known for spreading fake news about American politics, is back with new accounts on X and TikTok that claim to be frustrated US voters in "more aggressive" attempts to influence the upcoming presidential election.
Published: 2024-09-03T18:15:08
Selfie-scraper again claims European law does not apply to it. The Dutch Data Protection Authority (DPA) has fined controversial facial recognition company Clearview AI €30.5 million ($33 million) over the "illegal" collation of images.
Published: 2024-09-03T15:30:06
Government body claims there is no evidence of customer data being compromised. Transport for London (TfL), responsible for much of the public network carrying people around England's capital, is battling to stay on top of an unfolding "cyber security incident."
Published: 2024-09-03T09:40:03
Grey Matter ISV Partner Day will bring together Microsoft-focused ISVs, SaaS Providers and application builders from the UK and Ireland to learn about the latest Microsoft technologies from the software company's own experts.
Published: 2024-09-03T08:51:12
CEO Pavel Durov charged in France, messaging platform insists it abides by EU laws. Telegram CEO Pavel Durov, who was cuffed and charged by the French police last week, was "too free" in his approach to managing the global messaging platform, according to Russia's foreign minister.
Published: 2024-09-02T16:35:14
Resources hosted at Tencent Cloud involved in Cobalt Strike campaign. Chinese web champ Tencent's cloud is being used by unknown attackers as part of a phishing campaign that aims to achieve persistent network access at Chinese entities.
Published: 2024-09-02T03:06:24
Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more. Infosec in brief: A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet.
Published: 2024-08-31T18:22:08
The ransomware gang recruits high-profile affiliates from LockBit and ALPHV. As RansomHub continues to scoop up top talent from the fallen LockBit and ALPHV operations while accruing a smorgasbord of victims, security and law enforcement agencies in the US feel it's time to issue an official warning about the group that's gunning for ransomware supremacy.
Published: 2024-08-30T23:55:11
Relax, it's just a drill. This time at least. US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed.
Published: 2024-08-30T21:00:11
Infosec hounds say they spotted vulnerability during routine travel in the US. Updated: Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights.
Published: 2024-08-30T13:28:14
Farsi-language posts target possibly-pro-Israel individuals. Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation's enemies, including Israel.
Published: 2024-08-30T04:27:08
Apparently made over 100 fake crime reports and bomb threats. The US government has indicted two men for allegedly reporting almost 120 fake emergencies or crimes in the hope of provoking action by armed law enforcement agencies.
Published: 2024-08-29T22:28:14
Google researchers note similarities, can't find smoking-gun link. Google's Threat Analysis Group (TAG) has spotted an interesting pattern: A Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way.
Published: 2024-08-29T20:03:11
Sordid search history 'evidence' in case that could see him spend 35 years for extortion and wire fraud. A former infrastructure engineer who allegedly locked IT department colleagues out of their employer's systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged after an FBI investigation.
Published: 2024-08-29T18:30:07
Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters. Google's Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding with a top payout that's at least twice as substantial.
Published: 2024-08-29T16:30:12
French police reckon financial system targeted during Summer Games. Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today.
Published: 2024-08-29T12:32:11
Total revenue for Q2 grew 32 percent. CrowdStrike's major meltdown a month ago doesn't look like affecting the cyber security vendor's market dominance anytime soon, based on its earnings reported Wednesday.
Published: 2024-08-29T02:27:08
CrowdStrike, other vendors, friendly govt reps but not anyone who would tell you what happened. Op-ed: Microsoft will host a security summit next month with CrowdStrike and other "key" endpoint security partners joining the fun and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item.
Published: 2024-08-28T22:20:12
If you haven't deployed August's patches, get busy before others do. Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.
Published: 2024-08-28T21:20:12
The government-backed crew also enjoys ransomware as a side hustle. Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.
Published: 2024-08-28T18:00:06
Authorities probing unwanted intrusion; hard questions ahead. Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.
Published: 2024-08-28T16:20:07
Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon. Microsoft has fixed flaws in Copilot that allowed attackers to steal users' emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection.
Published: 2024-08-28T13:05:10
Sword or plowshare? That depends on whether you're an attacker or a defender. Sponsored Feature: Artificial intelligence: saviour for cyber defenders, or shiny new toy for online thieves? As with most things in tech, the answer is a bit of both.
Published: 2024-08-28T09:02:06
Phew! Consumer-grade tracking devices are good for more than finding your keys and stalking. Theft of packages is an ongoing problem, so one California woman tried a high tech solution to the problem and her use of Apple's consumer-grade AirTags tracking devices led to two arrests.
Published: 2024-08-28T07:30:15
Ground stations are the perfect place for the Great Firewall to block things China finds unpleasant. The multiple constellations of broadband-beaming satellites planned by Chinese companies could conceivably run the nation's "Great Firewall" content censorship system, according to think tank The Australian Strategic Policy Institute. And if they do, using the services outside China will be dangerous.
Published: 2024-08-28T01:58:14
More of a storm in a teacup. Today's news that Intel's Software Guard Extensions (SGX) security system is open to abuse may be overstated.
Published: 2024-08-27T19:59:33
The same Beijing-backed cyber spy crew the feds say burrowed into US critical infrastructure. Update: It looks like China's Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director.
Published: 2024-08-27T17:32:28
Cracked Labs examines how workplace surveillance turns workers into suspects. Software designed to address legitimate business concerns about cyber security and compliance treats employees as threats, normalizing intrusive surveillance in the workplace, according to a report by Cracked Labs.
Published: 2024-08-27T14:00:15
Plus: Kaspersky’s US business sold, Nigerian sextortion scammers jailed, and Europe’s controversial encryption plans return.
Published: 2024-09-07T11:30:00
The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen.
Published: 2024-09-06T13:00:00
Video and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
Published: 2024-09-06T10:45:00
Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.
Published: 2024-09-05T21:01:38
Unit 29155 of Russia’s GRU military intelligence agency, a team responsible for coup attempts, assassinations, and bombings, has branched out into brazen hacking operations with targets across the world.
Published: 2024-09-05T17:00:35
With 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks.
Published: 2024-09-05T15:41:52
Using special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.
Published: 2024-09-05T10:30:00
Activists claim Japanese industrial robots are being used to build military equipment for Israel. The robot maker denies the claims, but the episode reveals the complex ethics of global manufacturing.
Published: 2024-09-04T05:00:00
The Navy is testing out the Elon Musk-owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.
Published: 2024-09-03T11:00:00
Plus: China-linked hackers infiltrate US internet providers, authorities crack down on a major piracy operation, and a ransomware gang claims attacks during the Paris Olympics.
Published: 2024-08-31T10:30:00
Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.
Published: 2024-08-29T14:17:35
Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.
Published: 2024-08-29T10:00:00
In addition to its long-standing password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm, or APT 33, has developed custom malware dubbed “Tickler.”
Published: 2024-08-28T15:19:42
French authorities detained Durov to question him as part of a probe into a wide range of alleged violations, including money laundering and CSAM, but it remains unclear if he will face charges.
Published: 2024-08-26T21:23:38
Durov has reportedly been detained in France over Telegram’s alleged failure to adequately moderate illegal content on the messaging app. His arrest sparked backlash and left some associates asking, what now?
Published: 2024-08-25T22:01:52
Plus: The US intelligence community formally blames Iran for Trump campaign hack, aircraft-tracking platform FlightAware says a “configuration error” exposed sensitive user data, and more.
Published: 2024-08-24T10:30:00
The Telegram channel and website Deep State uses public data and insider intelligence to power its live tracker of Ukraine’s ever-shifting front line.
Published: 2024-08-23T09:00:00
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained
Published: 2024-09-07T12:58:00
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire
Published: 2024-09-07T12:40:00
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management
Published: 2024-09-06T21:25:00
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In
Published: 2024-09-06T20:44:00
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across
Published: 2024-09-06T20:33:00
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,
Published: 2024-09-06T15:07:00
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an
Published: 2024-09-06T12:05:00
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid
Published: 2024-09-06T10:52:00
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed
Published: 2024-09-06T09:32:00
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky
Published: 2024-09-05T21:49:00
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1
Published: 2024-09-05T21:35:00
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA),
Published: 2024-09-05T17:34:00
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally
Published: 2024-09-05T14:49:00
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed
Published: 2024-09-05T13:15:00
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that
Published: 2024-09-05T10:33:00
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account
Published: 2024-09-05T10:10:00
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for
Published: 2024-09-04T21:22:00
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National
Published: 2024-09-04T19:06:00
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package
Published: 2024-09-04T18:30:00
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection. "The improper neutralization of special elements in the
Published: 2024-09-04T16:57:00
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them" argues that the
Published: 2024-09-04T16:57:00
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an "illegal database with billions of photos of faces," including those of Dutch citizens. "Facial recognition is a highly intrusive technology that you
Published: 2024-09-04T14:13:00
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers
Published: 2024-09-04T11:01:00
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
Published: 2024-09-03T18:59:00
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity
Published: 2024-09-03T18:46:00
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said. "Finally, it can use all this exfiltrated
Published: 2024-09-03T15:07:00
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is
Published: 2024-09-03T13:00:00
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. "If successful, the adversary could gain any privileges already granted to the affected
Published: 2024-09-03T09:31:00
A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was
Published: 2024-09-03T07:28:00
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,
Published: 2024-09-02T19:03:00
The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability
Published: 2024-09-02T14:25:00
The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate
Published: 2024-09-02T12:30:00
Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx
Published: 2024-09-02T09:06:00
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which has made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.
Published: 2024-08-31T21:05:00
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to
Published: 2024-08-30T18:34:00
Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (
Published: 2024-08-30T16:45:00
The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of
Published: 2024-08-30T16:12:00
Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool. "The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing a significant threat to
Published: 2024-08-30T15:50:00
Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and
Published: 2024-08-30T11:55:00
A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO / Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the
Published: 2024-08-30T11:49:00
Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The
Published: 2024-08-30T11:47:00
Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,
Published: 2024-08-30T11:42:00
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is
Published: 2024-08-29T21:45:00
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement
Published: 2024-08-29T21:29:00
U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to
Published: 2024-08-29T17:12:00
Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing
Published: 2024-08-29T16:56:00
A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle
Published: 2024-08-29T16:35:00
French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized
Published: 2024-08-29T10:11:00
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. "The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are
Published: 2024-08-28T21:44:00
A South Korea-aligned cyber espionage group has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users
Published: 2024-08-28T19:18:00
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these vulnerabilities: At the end of August, […]
Published: 2024-09-07T16:19:40
A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations. The plugin offers site acceleration through server-level caching and various optimization features. The LiteSpeed Cache plugin […]
Published: 2024-09-07T11:13:28
Car rental giant Avis disclosed a data breach that impacted one of its business applications in August, compromising customers’ personal information. Car rental company Avis notified customers impacted in an August data breach. Threat actors breached one of its business applications and gained access to some of the customers’ personal information. “We discovered on August […]
Published: 2024-09-06T21:48:20
Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. “An improper access control vulnerability has been identified in the SonicWall SonicOS management […]
Published: 2024-09-06T18:59:17
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz is an open source product for the automation of enterprise processes that includes framework components and business […]
Published: 2024-09-06T08:13:21
The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its […]
Published: 2024-09-06T07:09:50
Veeam addressed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. Veeam released security updates to address multiple vulnerabilities impacting its products; the company fixed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. The most severe flaw included in the September 2024 security bulletin is a critical, […]
Published: 2024-09-05T19:57:35
The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted […]
Published: 2024-09-05T13:15:02
A cyber attack hit the German air traffic control agency (DFS) disrupting its operations, experts attribute it to Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that […]
Published: 2024-09-05T10:02:17
Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]
Published: 2024-09-05T08:33:20
US Charges Russian Military Officers For Unleashing Wiper Malware On Ukraine
Planned Parenthood Confirms Attack Claimed By RansomHub
Apache Makes Another Attempt At Patching Exploited RCE In OFBiz
Recent SonicWall Firewall Vuln Exploited In The Wild
Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation
Russian Doppelganger Campaign Exposed
White House's New Fix For Cyber Job Gaps: Serve The Nation In Infosec
North Korean Hackers Target Job Seekers With Fake App
Cisco Patches Critical Vulns In Smart Licensing Utility
US Targets Election Influence Operation With Charges, Sanctions, Domain Seizures
Colorado Tops List Of Cyberattacks Per Capita In The US
Ukrainian Drones Now Spray Thermite Streams Right Into Russian Trenches
Security Boom Is Over, With Over 1/3 Of CISOs Reporting Flat Or Falling Budgets
VMware Fusion 13.x Code Execution Bug Patched
Ex-Senior New York State Staffer Charged In Cash-For-Favors Scandal With China
Cicada Ransomware May Be A BlackCat/ALPHV Rebrand And Upgrade
Zyxel Patches Critical Vulns In Networking Devices
FBI: North Korea Aggressively Hacking Cryptocurrency Firms
White House Thinks It's Time To Fix The Insecure Glue Of The Internet: Yup, BGP
Stop Scanning Random QR Codes
Infineon's Cryptographic Library Suffers From An ECDSA Private Key Recovery Vulnerability
Transport For London Confirms Cyberattack
Intel Responds To SGX Hacking Research
Halliburton Says Hackers Removed Data In Cyberattack
Hacker Leaks Data Of 390 Million Users From VK, A Russian Social Network
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
Industry Moves for the week of September 2, 2024 - SecurityWeek
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
Cybersecurity M&A Roundup: 36 Deals Announced in August 2024
Veeam Patches Critical Vulnerabilities in Enterprise Products
LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks
CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability
Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage
Ransomware Gang Claims Cyberattack on Planned Parenthood
CISA Launches New Portal to Improve Cyber Reporting
Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024
Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts
FBI and CISA Release Joint PSA, Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting
CISA Releases Secure by Demand Guide
CISA Names First Chief Artificial Intelligence Officer
CISA Releases Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle
CISA and FBI Release Joint PSA: Putting Potential DDoS Attacks During the 2024 Election Cycle in Context
Statement from CISA Director Easterly on Leadership Changes at CISA
CISA Releases Playbook for Infrastructure Resilience Planning
Learn with Region 8’s Webinar Program
Shaping the legacy of partnership between government and private sector globally: JCDC
SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices
Region 10 Team Provides Vital Election Security Training for Idaho
SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology
SAFECOM Releases New Resource for Cloud Adoption
With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software
SAFECOM and NCSWIC Publish Fall 2023 Joint SAFECOM-NCSWIC Bi-Annual Meeting Executive Summaries
NCSWIC’s Planning, Training, and Exercise Committee releases “Set Your PACE Plan” Flyer
NCSWIC Planning Training, and Exercise Committee releases the Human Factors Resource Guide
Baxter Connex Health Portal
Russian Military Cyber Actors Target US and Global Critical Infrastructure
CISA Releases Four Industrial Control Systems Advisories
Hughes Network Systems WL3000 Fusion Software
FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure
CISA Releases One Industrial Control Systems Advisory
CISA Adds Three Known Exploited Vulnerabilities to Catalog
LOYTEC Electronics LINX Series
CISA and Partners Release Advisory on RansomHub Ransomware
CISA Releases Three Industrial Control Systems Advisories
[webapps] NoteMark < 0.13.0 - Stored XSS
[webapps] Gitea 1.22.0 - Stored XSS
[webapps] Invesalius3 - Remote Code Execution
[dos] Windows TCP/IP - RCE Checker and Denial of Service
[webapps] Aurba 501 - Authenticated RCE
[webapps] HughesNet HT2000W Satellite Modem - Password Reset
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
[webapps] Helpdeskz v2.0.2 - Stored XSS
[webapps] Calibre-web 0.6.21 - Stored XSS
[webapps] Devika v1 - Path Traversal via 'snapshot_path'
[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
[local] Oracle Database 12c Release 1 - Unquoted Service Path
[webapps] Ivanti vADC 9.9 - Authentication Bypass
[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
[webapps] Microweber 2.0.15 - Stored XSS
[webapps] Customer Support System 1.0 - Stored XSS
[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
[webapps] Boelter Blue System Management 1.3 - SQL Injection
[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
[webapps] XMB 1.9.12.06 - Stored XSS
[webapps] Carbon Forum 5.9.0 - Stored XSS
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
[webapps] Dotclear 2.29 - Remote Code Execution (RCE)
[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
[webapps] Aquatronica Control System 5.1.6 - Information Disclosure
[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)
[SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78)
[SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395)
[SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312)
[SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269)
[SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434)
[SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23)
Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH)
HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage
Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials
Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution
Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage
[SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284)
[SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection (CWE-89)
[SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352)
[SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79)
Security fixes available in Python 3.13.0RC2, 3.12.6, 3.11.10, 3.10.15, 3.9.20, and 3.8.20
CVE-2024-45751: CHAP authentication bypass in user-space Linux target framework (tgt) up to v1.0.92
libpcap 1.10.5 released with two security fixes
CVE-2024-7012, CVE-2024-7923: Authentication bypass in Foreman & Pulpcore
CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes
CVE-2024-45498: Apache Airflow: Command Injection in an example DAG
Re: Linux kernel: memory leak in arch/powerpc/platforms/powernv/opal-irqchip.c: opal_event_init()
Go 1.23.1 and Go 1.22.7 released with 3 security fixes
[OSSA-2024-003] OpenStack Ironic: Unvalidated image data passed to qemu-img (CVE-2024-44082)
CVE-2024-43402: Rust before 1.81.0 didn't fully fix argument escaping for batch files
Re: CVE-2024-45310: runc can be tricked into creating empty files/directories on host
Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05)
CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing)
CPython: [CVE-2024-6232] Regular-expression DoS when parsing TarFile headers
A recent incident involving a China-linked threat actor compromising an internet service provider (ISP) has highlighted the need for secure software update mechanisms, emphasizing the importance of DNS over HTTPS or TLS and robust signature checks to prevent similar attacks.
Published: Tue Aug 6 13:56:13 2024