CrowdStrike Outage: Microsoft Points Finger at EU Agreement
The blue screen of the death incident caused by the cybersecurity company CrowdStrike is still unfolding. Although the problematic update has been withdrawn, a large number of damaged Windows systems...
View ArticleHardware Acceleration Arrives in OpenBSD, Ending Long Wait
OpenBSD, a Unix-like operating system and a successor of the BSD system, has long lacked support for hardware acceleration. While this omission has little impact on server users, it significantly...
View ArticleMandatory Ransomware Reporting: UK’s New Cyber Defense
The British government has introduced a new Cyber Security and Resilience Bill, aimed at updating existing cybersecurity regulations. The decision was announced in the King’s Speech at the opening of...
View ArticleCVE-2024-39907 (CVSS 9.8): SQLi Flaw Exposes 1Panel Users to Remote Takeover,...
A critical-severity vulnerability has been discovered in 1Panel, an open-source, web-based server management control panel. Designated as CVE-2024-39907, this SQL injection flaw has a CVSS score of...
View ArticlePatchwork Group Expands Cyber Espionage with Advanced Tools
Recently, the Knownsec 404 Advanced Threat Intelligence team identified suspicious activity by the Patchwork group targeting Bhutan. The attack utilized an updated backdoor written in Go, known as...
View ArticleIPFire Fortifies Against SYN Flood Attacks with New Protection Feature
In a significant move to combat the escalating threat of Denial-of-Service (DoS) attacks, IPFire, the renowned open-source firewall distribution, has introduced robust SYN Flood Protection for its...
View ArticleNew ‘False File Immutability’ Vulnerability Poses Significant Threat to...
A newly discovered vulnerability class, termed “False File Immutability” (FFI), has raised serious concerns within the cybersecurity community due to its potential to circumvent Windows Code Integrity...
View ArticleCloudflare WARP Abused to Hijack Cloud Services, Cado Security Report Reveals
Cado Security researchers have recently unveiled several campaigns exploiting Cloudflare’s WARP service to attack vulnerable internet-facing services. WARP, a free VPN service designed to optimize user...
View Article1Panel Users Urged to Patch After Critical SQLi Flaws (CVE-2024-39911, CVSS...
A critical SQL injection vulnerability, collectively endangering millions of Linux servers worldwide found in the popular open-source server management tool, 1Panel. Identified as CVE-2024-39911, this...
View ArticleKimsuky APT: New TTPs Revealed in Rapid7 Cybersecurity Report
Rapid7, a leading cybersecurity firm, has released a comprehensive report detailing the evolving tactics, techniques, and procedures (TTPs) of the Kimsuky advanced persistent threat (APT) group....
View ArticleCVE-2024-33352: BlueStacks Vulnerability Puts Millions of Gamers at Risk
A vulnerability in BlueStacks, a popular Android emulator used by millions of gamers worldwide, has been discovered by security researcher Maciej Miszczyk. The vulnerability, tracked as CVE-2024-33352,...
View ArticleOkta Patches Cross-Site Scripting Flaw (CVE-2024-0981) in Browser Plugin
Okta, a leading identity and access management provider, has recently patched a high-severity cross-site scripting (XSS) vulnerability (CVE-2024-0981) in its browser plugin. This vulnerability affected...
View ArticleOracle Exploit Drains $7.6 Million from Rho Markets, White-Hat Hackers...
Stablecoins USDC and USDT totaling over $7.6 million were withdrawn from the Rho Markets lending protocol, which operates on the Scroll blockchain. A group of white-hat hackers expressed their...
View ArticleNI VeriStand Gateway Vulnerability Exposes Critical Systems to Risk
National Instruments (NI) has issued an urgent security advisory regarding a critical vulnerability in its VeriStand Gateway software, a cornerstone of the VeriStand real-time testing and simulation...
View ArticleGoogle Keeps Third-Party Cookies, Enhances User Control in Chrome
To reconcile the conflict between advertising networks and privacy protection, Google announced years ago that it would gradually phase out third-party cookies to prevent direct user tracking by...
View ArticleNo Deal: Wiz Rejects Google, Sets Sights on IPO
Under the impetus of its cloud computing team, Google previously invested $23 billion to acquire the rapidly growing cloud cybersecurity company Wiz. This company primarily safeguards enterprise cloud...
View Article$115 Million Payout: Oracle Ends User Data Privacy Battle
Oracle has agreed to pay $115 million to settle a two-year class-action lawsuit regarding the improper use of user data. The settlement provides compensation for 220 million affected users. Oracle will...
View ArticleRansomware Attack Forces Closure of LA County Courts
On July 22, all 36 courts of the Superior Court of Los Angeles County, the largest trial court in the United States, were closed to restore systems following a ransomware attack that occurred on... The...
View ArticleOperation PowerOff: Major Blow to Global DDoS-for-Hire Service
The law enforcement agencies of the United Kingdom have reported a successful operation infiltrating the systems of the DDoS service, during which the alleged head of the DigitalStress service was...
View Article17-Year-Old Suspected Cybercriminal Nabbed in UK, Tied to MGM Hack
In the United Kingdom, a 17-year-old youth from Walsall has been detained, suspected of belonging to the notorious cybercriminal group Scattered Spider, which has targeted numerous major organizations...
View Article