The Cybersecurity and Infrastructure Security Agency (CISA) in partnership with the Federal Bureau of Investigations (FBI) has jointly issued a Secure by Design Alert in response to threat actor campaigns that exploit operating system (OS) command injection defects in network…
Category: EN
Ransomware Attack Shuts Down LA County Courts, Halts Inmate Transfers, Evictions
The Superior Court of Los Angeles County, the United States’ largest trial court, has suffered a crippling ransomware… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Ransomware Attack Shuts…
SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN. This flaw, identified as CVE-2024-40764, can potentially allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition. The vulnerability has been rated with a…
Microsoft releases CrowdStrike recovery tool – here’s how it works
The new tool offers two recovery options for IT admins fixing computers impacted by the now-infamous CrowdStrike snafu. This article has been indexed from Latest news Read the original article: Microsoft releases CrowdStrike recovery tool – here’s how it works
Vulnerability Summary for the Week of July 15, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 1Panel-dev–1Panel 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts.…
CrowdStrike: The Monday After, (Mon, Jul 22nd)
Last Friday, after Crowdstrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend…
Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack
Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such domains are capable of pretending to be trusted entities, which helps to make individuals disclose their sensitive details or download harmful content. Cybersecurity researchers at…
Who needs ransomware when a faulty software update can shut down critical infrastructure?
This should be the last security wake-up calls for organizations. This article has been indexed from Latest news Read the original article: Who needs ransomware when a faulty software update can shut down critical infrastructure?
Linx emerges from stealth with $33M to lock down the new security perimeter: Identity
Identity management is one of the most common fulcrums around which security breaches have pivoted in the last several years, and one of the main reasons it’s the gift that keeps on giving to malicious hackers is that it’s a…
EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft
Was a 2009 directive on interoperability to blame? Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the…
Heeler Security raises $8.5 million to boost application security
Heeler Security announced the successful closing of an $8.5 million Seed Series funding round, led by Norwest Venture Partners with significant participation from Storm Ventures. “Application security requires a new approach that focuses on runtime visibility and that’s exactly what…
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. “Serverless architectures are attractive to developers and…
India’s Largest Cryptocurrency Exchange WazirX Hacked: $234.9 Million Stolen
India’s largest cryptocurrency exchange WazirX launches bug bounty program “to help recover the stolen funds” as cybercriminals stole… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: India’s Largest Cryptocurrency…
Pioneering the New Frontier in AI Consumer Protection and Cyber Defense
In a groundbreaking move, the first state in the U.S. has passed comprehensive legislation aimed at protecting consumers from the potential risks associated with AI. The new Utah Artificial Intelligence… The post Pioneering the New Frontier in AI Consumer Protection…
Two Russians sanctioned over cyberattacks on US critical infrastructure
Supposed hacktivist efforts previously linked to the Kremlin’s GRU Flying under the radar on Clownstrike day last week, two members of the Cyber Army of Russia Reborn (CARR) hacktivist crew are the latest additions to the US sanctions list.… This…
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update
By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows hosts into a blue-screen-of-death…
CrowdStrike: Key Perspectives on the IT Outage
As experts are now also warning of possible further risks as criminals seek to exploit the IT issues, I am commenting about key steps to be taken strategically to ensure that this situation and ‘harm’ does not impact the customers…
Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed
Daikin, the world’s largest air conditioner manufacturer, has become the latest target of the notorious Meow hacking group. The USA branch of Daikin has been listed as a victim, with hackers demanding a ransom of $40,000. The incident has raised…
What caused the great CrowdStrike-Windows meltdown of 2024? History has the answer
When a trusted software provider delivers an update that causes PCs to immediately stop working across the world, chaos ensues. Last week’s incident wasn’t the first such event. Here’s how to make sure it doesn’t happen again. This article has…
SocGholish malware used to spread AsyncRAT malware
The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates) that is being used to deliver remote access trojan AsyncRAT and…