A critical vulnerability (CVE-2024-2169) in Webmin/Virtualmin control panels allows for launching DoS attacks. This flaw reveals IP addresses through the UDP service on port 10000, enabling attackers to create a loop of traffic between servers. This article has been indexed…
Tag: EN
Head Mare Hacktivist Group Targets Russia and Belarus
The group, active since at least 2023, exclusively targets companies in these countries. They use modern techniques to gain initial access to systems, primarily through phishing emails with custom malware like PhantomDL and PhantomCore. This article has been indexed from…
LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks
A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article has been indexed…
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an open-source…
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients…
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally This article has been indexed from www.infosecurity-magazine.com Read the original article: US and Allies Accuse Russian Military of Destructive Cyber-Attacks
Cybersecurity News: Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft
In today’s cybersecurity news… Planned Parenthood cyberattack Officials from the nonprofit agency have confirmed that a cyberattack has impacted its IT systems, forcing it to take parts of its infrastructure […] The post Cybersecurity News: Planned Parenthood cyberattack, DoJ propaganda…
SonicWall Access Control Vulnerability Exploited in the Wild
SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions, causes…
Fog Ransomware Now Targeting the Financial Sector; Adlumin Thwarts Attack
The Fog Ransomware group, known for targeting education and recreation sectors, has expanded its scope to attack financial services organizations, where the attackers exploited compromised VPN credentials to deploy the ransomware, targeting both Windows and Linux endpoints. It has detected…
NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion
NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers made from White Gaussian Noise to create several targeted classes in the model, rather than just one, like most current methods. This approach also helps avoid…
Tropic Trooper Attacks Government Organizations to Steal Sensitive Data
Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group, and it has been active since 2011. This APT group primarily targets government institutions, military agencies, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and…
Ransomware attacks continue to increase in the US, UK, and Canada
Ransomware is one of the most dangerous and fast-growing threats in the digital world today. It’s a type of malware that can lock you out of your files or entire system until you pay a ransom, usually in cryptocurrency. This…
Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report
Passwords and secrets management organisation Keeper Security has earned the distinction of Value Leader in the latest Enterprise Management Associates (EMA) 2024 Privileged Access Management (PAM) Radar™ Report for the second year in a row. The report highlights KeeperPAM –…
Critical Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published
CVE-2024-20017 is a critical zero-click exploit found in popular Wi-Fi chipsets like MediaTek MT7622/MT7915. The vulnerability allows remote code execution without user interaction, posing a severe risk with a CVSS score of 9.8. This article has been indexed from Cyware…
Cequence Security partners with Netskope to provide protection for business-critical APIs
Cequence Security announced a new partnership with Netskope. Through the partnership, Netskope customers can now leverage unique API threat intelligence from the Cequence Unified API Protection (UAP) platform to unlock insights into real-world threats and ultimately strengthen organizational security posture.…
Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution
A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity concerns. These vulnerabilities, identified as Common Vulnerabilities and Exposures (CVEs), enable unauthenticated remote code execution on both Linux and Windows platforms. This article delves into the…
Apache fixed a new remote code execution flaw in Apache OFBiz
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz® is an…
Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report
Passwords and secrets management organisation Keeper Security has earned the distinction of Value Leader in the latest Enterprise Management Associates (EMA) 2024 Privileged Access Management (PAM) Radar™ Report for the second year in a row. The report highlights KeeperPAM –…
Why and How to Secure GenAI Investments From Day Zero
A healthy approach to GenAI is one in which organizations build security protections from the start. Here are tips on how to integrate security into your organization’s GenAI strategy from day zero. The post Why and How to Secure GenAI…
Veza and HashiCorp join forces to help prevent credential exposure
Veza announced a partnership with HashiCorp to deliver an integrated solution for solving modern identity security challenges. Together, the Veza Access Platform and HashiCorp Vault empower joint customers to strengthen their identity security posture by bringing least privilege to the…