CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks
Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as...
Security First: Microsoft Overhauls Corporate Policy After Years of Criticism
The technology giant Microsoft is making sweeping changes to its corporate policy, elevating cybersecurity as its paramount priority. Now, every employee, regardless of position, must prioritize data...
Protecting Your Android Device from SMS Blaster Fraud
A new wave of text message fraud, dubbed “SMS Blaster” fraud, is exploiting vulnerabilities in cellular communication standards to inject phishing messages directly into smartphones. This method...
Panamorfi: New DDoS Campaign Weaponizes Minecraft Tool
Experts at AquaSec have identified a new DDoS attack campaign named “Panamorfi.” These attacks utilize a package called “mineping.jar,” written in Java and designed to launch TCP flood DDoS attacks....
Cisco Talos Warns of Stealthy NetSupport RAT Campaigns
Cisco Talos experts are actively monitoring several malicious campaigns utilizing NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and regular updates. In...
Mobile Guardian Security Incident Affects Thousands of Student Devices
The British company Mobile Guardian has acknowledged a security incident on its systems, which resulted in unauthorized access to iOS and ChromeOS devices, rendering them temporarily unavailable. In...
Apache CloudStack Releases Critical Patches (CVE-2024-42062 and CVE-2024-42222)
The Apache CloudStack project has issued an urgent security advisory, urging users to update their software immediately to address two critical vulnerabilities, CVE-2024-42062 and CVE-2024-42222. These...
Cisco Small Business IP Phones Affected by Critical Vulnerabilities, No Patch!
In a recent security advisory, Cisco disclosed multiple critical vulnerabilities affecting their Small Business SPA300 and SPA500 Series IP Phones. These vulnerabilities, identified as CVE-2024-20450,...
CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows...
At Black Hat 2024, security researcher Alon Leviev from SafeBreach unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches...
Zero-Day Vulnerability: 18 Years of Exploiting the ‘0.0.0.0’ Flaw
A study revealed a hidden vulnerability that has plagued the world’s largest browsers for 18 years, leaving private and corporate networks susceptible to cyberattacks. Researchers from Oligo Security...
Beware Fake Angry IP Scanner Ads: SharpRhino RAT Used by Hunters Group Lurks...
The ransomware group Hunters International has begun utilizing a new C#-based remote access trojan (RAT) named SharpRhino to infiltrate corporate networks. This malicious software aids hackers in...
PoC Exploit Released for Apache OFBiz Remote Code Execution Flaw...
Today, cybersecurity researcher Zeyad Azima from SecureLayer7 and Youssef Muhammad have published proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-38856) in the Apache OFBiz...
Proposed US Ban on Chinese Tech Impacts Autonomous Vehicles
The United States Department of Commerce plans to propose a ban on the use of Chinese software in autonomous vehicles in the coming weeks, according to Reuters. The proposed legislation will affect...
Google Reveals Effingo: The Tech Behind Moving 1.2 Exabytes Daily
Google has unveiled the technical details of its internal data transfer tool called Effingo, which moves an average of 1.2 exabytes of information daily. At the SIGCOMM 2024 conference in Sydney, a...
Senate Bill to Classify Ransomware Extortion as Terrorism
The U.S. Senate has proposed designating extortion in ransomware attacks as equivalent to terrorism, potentially marking a turning point in the fight against cybercrime. The bill, endorsed by Senate...
NHS Supplier Fined £6M for Data Breach After Ransomware Attack
British regulators have imposed a preliminary fine exceeding £6 million on Advanced, a service provider for the National Health Service (NHS). The company failed to adequately protect the information...
CrowdStrike Identifies Root Cause of Massive Windows Outage
The cybersecurity company CrowdStrike has disclosed the root cause analysis behind the Falcon Sensor software malfunction, which disrupted the operation of millions of Windows-based devices worldwide....
HPE Aruba Networking Addresses Severe Vulnerabilities in Access Points
HPE Aruba Networking has released security updates to address multiple critical vulnerabilities in its Aruba Access Points running InstantOS and ArubaOS 10. These vulnerabilities could potentially...
Cisco Warns of Public PoC Exploit Code of Critical CVE-2024-20419 (CVSS 10) Flaw
Cisco has recently updated its security advisory, alerting users to a critical vulnerability identified as CVE-2024-20419. This flaw affects the Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem)...
GhostHook Framework: A New Fileless Malware Threatens Android Devices
Security researchers from iVerify have recently detected a sophisticated fileless malware-spreading framework named GhostHook, which is currently being circulated across various cybercrime forums and...