Mad Liberator Ransomware Group Exploits Anydesk to Steal Data in Stealthy...
Sophos X-Ops Incident Response team has recently uncovered the tactics of a relatively new ransomware group known as Mad Liberator, which has been active since mid-July 2024. The group has... The post...
View ArticleCVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC...
MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing...
View ArticleGitHub’s August Nightmare: Multiple Disruptions Lead to Global Outage
In a series of unfortunate events, GitHub, the world’s leading software development platform, experienced multiple disruptions throughout August, culminating in a major outage that left developers...
View ArticleCISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities,...
View ArticleRansomEXX Group Exploits Jenkins Vulnerability (CVE-2024-23897) in Major...
On August 1st, India experienced a massive disruption in its banking payment systems due to a ransomware attack on C-Edge Technologies, a service provider for several banks. The Juniper Networks... The...
View ArticleAdobe Issues Critical Security Updates for Commerce and Magento Platforms
Adobe has released a critical security update for its widely-used e-commerce platforms, Adobe Commerce and Magento Open Source. The update addresses a range of vulnerabilities, some of which could...
View ArticlePalo Alto Networks Issues Security Advisories, Urges Updates Amidst 34...
Palo Alto Networks, a leading cybersecurity solutions provider, has sounded the alarm for its users, releasing four security advisories that address a total of 34 vulnerabilities across various...
View ArticleBypassing Windows Hello: Shwmae Tool Debuts at DEF CON 32
At DEF CON 32, a new tool named Shwmae was introduced, capable of bypassing the security of Windows Hello—a biometric authentication system developed by Microsoft. Shwmae is designed for use... The...
View ArticleCVE-2024-42479 (CVSS 10) in Popular Python Package llama_cpp_python Exposes...
A severe security vulnerability has been discovered in the widely-used AI library llama_cpp_python, potentially allowing threat actors to execute malicious code on affected systems remotely. The...
View ArticleWindows TCP/IP Vulnerability CVE-2024-38063: Researchers Hold Back Exploit...
In a recent August Patch Tuesday, Microsoft urgently addressed a critical security vulnerability within the Windows TCP/IP stack, identified as CVE-2024-38063. With a CVSS score of 9.8, this flaw...
View ArticleApple Breaks the Mold: iPhone NFC Opens to Third-Party Payments
For a long time, the iPhone’s NFC functionality was limited to Apple’s own Apple Pay for near-field communication payments. This restriction led to multiple complaints against Apple in the European......
View ArticleBeyond Firewalls: NCSC Explores Cyber Deception’s Potential
The United Kingdom’s National Cyber Security Centre (NCSC) has called upon organizations across the country to extensively implement cyber deception technologies as part of a national strategy for...
View ArticleCVE-2024-33533 to 33536: Zimbra Users at Risk of XSS and LFI Attacks
Zimbra Collaboration, a widely adopted email and collaboration platform disclosed three new security vulnerabilities. These flaws, identified as CVE-2024-33533, CVE-2024-33535, and CVE-2024-33536,...
View ArticleLast Mile Reassembly Attacks Bypass Leading Secure Web Gateways
SquareX, along with its founder Vivek Ramachandran, a renowned cybersecurity expert, recently uncovered a vulnerability in Secure Web Gateway (SWG) systems, which are employed to safeguard corporate...
View ArticleCVE-2024-43360: SQLi Flaw Discovered in Popular Surveillance Software ZoneMinder
ZoneMinder, a widely used open-source video surveillance solution, has been found to contain a critical SQL injection vulnerability that could allow attackers to gain unauthorized access to sensitive...
View ArticleCISA Warns of Active Exploitation in SolarWinds Web Help Desk Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical security vulnerability affecting SolarWinds Web Help Desk (WHD), a widely used IT help desk software. This...
View ArticleEastWind Campaign: New CloudSorcerer Attacks Target Russian Gov Using APT31...
Kaspersky Labs has uncovered a series of sophisticated cyberattacks targeting Russian government organizations and IT companies, now dubbed the “EastWind” campaign. The attacks, which began in late...
View ArticleUnpatched Kubernetes Flaw Leaves Clusters Open to Exploitation: Researcher...
Akamai researcher Tomer Peled has uncovered a concerning design flaw within Kubernetes’ git-sync project. This flaw could potentially enable attackers to execute commands or exfiltrate sensitive data,...
View ArticleCritical Vulnerability Found in Flatpak: CVE-2024-42472 (CVSS 10) Exposes...
A serious security flaw has been discovered in Flatpak, a popular system for distributing and running sandboxed desktop applications on Linux. The vulnerability, tracked as CVE-2024-42472 (CVSS 10),...
View ArticleThe i-Soon Leaks: Germany’s BfV Exposes the Industrialization of Chinese...
A newly released report from Germany’s Federal Office for the Protection of the Constitution (BfV) unveils insights into the operations of the Chinese cybersecurity firm i-Soon. The second installment...
View Article