CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed
A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as...
View Article35,000 Bots, 180 Countries: Inside the Criminal Network of the NSOCKS Botnet
A recent report by Black Lotus Labs at Lumen Technologies has exposed the scale and sophistication of the NSOCKS botnet, a criminal proxy network built on the infamous ngioweb botnet.... The post...
View ArticleRuckus Networks Issues Security Advisory for Critical RCE Vulnerability in...
Ruckus APs running specific software versions are vulnerable to unauthenticated remote code execution attacks. Ruckus Networks has issued a security advisory warning of a critical remote code execution...
View ArticleNew Attack Vector: Misconfigured Jupyter Servers Targeted for Illegal Streaming
Aqua Nautilus security researchers have uncovered a novel attack vector where threat actors exploit misconfigured servers, particularly JupyterLab and Jupyter Notebook environments, to hijack computing...
View ArticleVeritas Enterprise Vault Vulnerability Could Allow Remote Code Execution
Veritas has released a security advisory regarding a critical remote code execution (RCE) vulnerability affecting multiple versions of its Enterprise Vault (EV) software. Rated as a CVSS v3.1 score...
View ArticleLIMINAL PANDA – A Chinese State-Sponsored Espionage Targeting Telecoms
CrowdStrike has revealed a new China-nexus state-sponsored adversary tracked as LIMINAL PANDA, which has been systematically targeting telecommunications providers since at least 2020. This revelation...
View ArticleFrostyGoop: New ICS Malware Exploits Modbus TCP Protocol
Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in...
View ArticleWorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit...
Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race...
View Article2024 CWE Top 25: Critical Software Weaknesses Revealed
The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a critical roadmap for addressing the most pervasive and hazardous vulnerabilities that plague modern......
View ArticleEarth Kasha Expands Operations: New LODEINFO Malware Hits Government and...
In a detailed report by Trend Micro, the emergence of a new LODEINFO malware campaign has been linked to Earth Kasha, a threat group operating within what the researchers term... The post Earth Kasha...
View ArticleCVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in...
Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could...
View ArticlePhishing Scheme Nets Millions in Cryptocurrency, Five Charged
The U.S. Department of Justice announced charges against five individuals accused of orchestrating a sophisticated phishing scheme that targeted employees across the nation. The defendants allegedly...
View ArticleCVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution
A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a...
View ArticlePDFFlex: Analyzing PUA Persistence and Evasion Techniques
Security researcher Jeff Kieschnick from LevelBlue uncovered the stealthy tactics of a Potentially Unwanted Application (PUA) masquerading as a PDF conversion tool. The report details the crafty...
View ArticleCVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published
A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security researcher Ebrahim Shafiei...
View ArticleCritical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities in VMware vCenter Server that are currently being exploited in the...
View ArticleMisakaNetwork: Blockchain Botnet Threatens npm Ecosystem
A recent analysis by security researcher Kirill Boychenko at Socket has unveiled a sophisticated npm malware campaign that blends traditional supply chain attack techniques with modern blockchain...
View ArticleSync-Scheduler Malware: Unveiling a Sophisticated Espionage Attack
In a detailed report, the BlackBerry Research and Intelligence Team has revealed a highly targeted cyber espionage campaign against the Pakistan Navy, executed by a sophisticated and likely...
View ArticleCVE-2024-52067: Sensitive Data Exposed in Apache NiFi Debug Logs
A newly discovered vulnerability in Apache NiFi could inadvertently expose sensitive parameter values in debug logs, potentially compromising confidential information. The flaw, tracked as...
View ArticleVolt Typhoon: Chinese State-Sponsored APT Targets U.S. Critical Infrastructure
The Tenable Security Response Team has uncovered critical details about Volt Typhoon, a state-sponsored Advanced Persistent Threat (APT) group linked to the People’s Republic of China. The group has...
View Article