Latest Cybersecurity News and Articles
28 August 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.
28 August 2024
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances.
The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024.
Arising due to missing input validation and sanitization,
27 August 2024
According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally.
27 August 2024
Lateral movement is a key indicator of ransomware attacks, with 44% of attacks being spotted during this phase, as reported by Barracuda Networks. Additionally, file modifications and off-pattern behavior were also significant triggers for detection.
27 August 2024
This campaign is notable for its malicious apps for Windows, Linux, and macOS users. The attackers have created different versions of Cheana Stealer for each OS to widen their attack surface.
27 August 2024
India is experiencing a rise in cyberattacks on its critical infrastructure, particularly in the financial and government sectors, prompting the Reserve Bank of India to issue warnings about the need for enhanced cybersecurity measures.
27 August 2024
The vulnerability, tracked as CVE-2024-7965 and reported by a security researcher known as TheDog, involved a bug in the compiler backend that could allow remote attackers to exploit heap corruption through a crafted HTML page.
27 August 2024
Top universities in Australia will compete in the Australian Cybersecurity Games at UNSW from September 2-30, 2024. This event, organized by SECedu, features cybersecurity experts collaborating with leading universities like UNSW.
27 August 2024
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT.
The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said.
HZ RAT was first
27 August 2024
SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.
27 August 2024
A new report highlights the rising threat of cyber incidents against critical infrastructure.
27 August 2024
Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues.
27 August 2024
Researchers found that attackers are leveraging PythonAnywhere cloud platform to host and distribute malicious files using Razr ransomware discreetly. The ransomware generates a unique machine ID, encryption key, and IV to begin operations.
27 August 2024
The project is led by Ukrainian cyber entrepreneur Yehor Aushev and is unique in that it is free and open to a wide range of citizens, including students, researchers, and state officials.
27 August 2024
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
27 August 2024
NASA's IV&V Facility is expanding its cybersecurity services to enhance the safety of its missions. This initiative includes incorporating cybersecurity assessments into their traditional roles of software examination.
27 August 2024
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director.
The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early
27 August 2024
Nuclei is an open-source vulnerability scanner known for its speed and customizable YAML-based templates. It offers flexibility in security checks by allowing customization of templates to send requests to multiple targets.
27 August 2024
Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial
27 August 2024
The Dutch Data Protection Authority (AP) announced the €290m ($324m) fine yesterday, claiming that it stems from the same concerns that have led to years-long legal wranglings between the EU and US.