While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer. This article has been indexed from Securelist…
Tag: EN
Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours
The widely used LiteSpeed Cache plugin for WordPress is being actively exploited through a critical security vulnerability, CVE-2024-28000, with over 30,000 attack attempts blocked in just 24 hours. This article has been indexed from Cyware News – Latest Cyber News…
Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year
Google released an emergency security update to fix the ninth zero-day vulnerability exploited in attacks this year. The vulnerability, known as CVE-2024-7971, involves a type confusion weakness in Chrome’s V8 JavaScript engine. This article has been indexed from Cyware News…
Kick off early Octoberfest with an EUC-fest
Visit IGEL’s DISRUPT Munich event this September to learn more about the latest end user computing technologies Sponsored Post The IGEL DISRUPT Munich event promises an opportunity to explore the latest innovations in end user computing (EUC), with a focus…
Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites
A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user. The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on SecurityWeek. This article…
Novel Android Malware Steals Card NFC Data For ATM Withdrawals
ESET claims new NGate Android malware relays NFC data to steal card details for ATM cash-out This article has been indexed from www.infosecurity-magazine.com Read the original article: Novel Android Malware Steals Card NFC Data For ATM Withdrawals
Security Flaws in UK Political Party Donation Platforms Exposed
The donation websites of the UK’s seven major political parties are missing critical security features to protect the accounts of donors, according to DataDome This article has been indexed from www.infosecurity-magazine.com Read the original article: Security Flaws in UK Political…
What Triggers a CISO?
CISOs are familiar with dealing with stress, making high-stakes decisions, and operating in an industry of unknown unknowns. But there are some things that still get under their skin and […] The post What Triggers a CISO? appeared first on…
Navigating the Challenges of AI in Software Development: A Call to Action to Comply with the EU AI Act
In today’s rapidly evolving software development landscape, Artificial Intelligence (AI) and Machine Learning (ML) have emerged as significant threat vectors. Organizations worldwide are witnessing a surge in targeted attacks aimed at software developers, data scientists, and the infrastructure supporting the…
The 8 Most Common Website Design Mistakes According to Pros
We’ve all encountered websites that are legitimate, but feel clunky, slow, and frustrating to navigate. A website’s first impression directly impacts how users perceive a business’s quality and trustworthiness, making it crucial to get it right. However, creating an effective…
MegaMedusa, RipperSec’s Public Web DDoS Attack Tool
RipperSec, a pro-Palestinian hacktivist group based in Malaysia, has released MegaMedusa, a publicly available Web DDoS attack tool that simplifies launching large-scale DDoS attacks. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Securing the Future: FIPS 140-3 Validation and the DISA STIG for AlmaLinux OS
FIPS 140-3 In exciting news – TuxCare recently received a CMVP validated certificate for the AlmaLinux 9.2 kernel and is now on the NIST Active list (ahead of Red Hat & Oracle!), we are expecting our OpenSSL certificate soon…
Critical SLUBStick Exploitation Technique Threatens Linux Security
A new and highly-effective cross-cache attack named SLUBStick has emerged, targeting the Linux kernel with a remarkable 99% success rate in transforming a limited heap vulnerability into an arbitrary memory read-and-write capability. This allows attackers to elevate privileges or even…
Cybersecurity News: Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting
In today’s cybersecurity news… Security initiative from Japanese auto companies Dozens of companies in the Japan Automotive Information Sharing and Analysis Center signed on to a collaborative initiative to improve […] The post Cybersecurity News: Japanese auto security, Feds tap…
Google addressed the ninth actively exploited Chrome zero-day this year
Google released emergency security updates to fix the ninth actively exploited Chrome zero-day vulnerability this year. Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited. The vulnerability is a type confusion issue…
A cyberattack disrupted operations of US chipmaker Microchip Technology
Semiconductor manufacturer Microchip Technology announced that its operations were disrupted by a cyberattack. U.S. chipmaker Microchip Technology suffered a cyberattack that disrupted operations at several of its manufacturing plants. The company detected potentially suspicious activity involving its IT infrastructure on…
Android malware uses NFC to steal money at ATMs
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The campaign’s primary goal in…
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript and WebAssembly engine developed by…
Backdoor in Mifare Smart Cards Could Open Doors Around the World
Quarklabs researchers claim millions of contactless key cards could be cloned via a backdoor This article has been indexed from www.infosecurity-magazine.com Read the original article: Backdoor in Mifare Smart Cards Could Open Doors Around the World
GitHub fixed a new critical flaw in the GitHub Enterprise Server
GitHub addressed three vulnerabilities in its GitHub Enterprise Server product, including a critical authentication flaw. GitHub addressed three security vulnerabilities impacting the GitHub Enterprise Server (GHES), including a critical flaw tracked as CVE-2024-6800 (CVSS score of 9.5). An attacker can trigger…