Microsoft Security recently revealed a sophisticated cyber-attack campaign that targets Kubernetes clusters by exploiting newly discovered vulnerabilities in the OpenMetadata platform. The attackers have set their sights on Kubernetes workloads, leveraging critical vulnerabilities in the OpenMetadata platform to infiltrate and exploit these systems for cryptomining activities. … [Read more...]
Authorities Busted Cybercrime Platform That Steal Passwords & Card Details
International law enforcement agencies have successfully dismantled a notorious cybercrime platform, LabHost, which facilitated criminals in conducting phishing attacks to steal sensitive information such as passwords, addresses, and card details from unsuspecting victims worldwide. This collaborative effort underscores the increasing global commitment to combating cybercrime and … [Read more...]
Cisco Unveils Hypershield: AI-Powered Automated Vulnerability Shield
Cisco introduced its latest innovation, Cisco Hypershield, marking a significant milestone in the evolution of cybersecurity. Described as the most consequential security product in the company’s history, Hypershield is a cloud-native, AI-powered solution designed to enhance the security of AI-scale data centers. This new technology is integrated directly into the network’s fabric, … [Read more...]
Cisco IOS SNMP Implementation Flaw Trigger Remote Attacks
In a recent security advisory, Cisco disclosed a significant vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature within its IOS and IOS XE Software. This flaw could potentially allow an unauthenticated, remote attacker to bypass ACLs and perform SNMP polling on devices that were configured to deny such … [Read more...]
Poisoned Google Ads Targeting Infra Teams with Weaponized IP Scanners
Security researchers uncovered a sophisticated malvertising campaign targeting IT professionals, particularly those in security and network administration roles. The threat actor behind this attack has been leveraging Google Ads to distribute trojanized versions of popular IP scanning and IT management software. Attack Chain The attack begins with the threat actor registering multiple … [Read more...]
Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)
In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading firewall solution, Xiid Corporation reminds organizations that Xiid SealedTunnel customers remain secure. This latest vulnerability, currently unpatched and rated 10/10 on the CVSS (Common Vulnerability Scoring System), highlights the limitations of traditional security approaches. Xiid … [Read more...]
5 Sandbox Tools for Phishing Analysis in 2024
There is a wide variety of solutions one can use to investigate phishing attacks. Yet, in most cases, analysts can do with just one, a malware analysis sandbox. Thanks to its combination of static and dynamic capabilities, a sandbox is well-equipped to tackle the most complex phishing threats out there. Check out these five sandbox tools you can use in your work. Interactivity For … [Read more...]
Tor Browser 13.0 Released: What’s New
Tor Browser 13.0.14 has been released, bringing essential security updates to the popular privacy-focused web browser. This latest version includes updates to the underlying Firefox browser and several bug fixes and improvements. Critical Updates in Tor Browser 13.0.14 Updated Tor to 0.4.8.11: The Tor network software has been updated to the latest stable version, 0.4.8.11, which … [Read more...]
“Mobile NotPetya”!! Surge in Zero-click Vulnerabilities, Conditions Favour
The cybersecurity community is sounding the alarm about the growing risk of a “mobile NotPetya” event – a self-propagating mobile malware outbreak that could have devastating consequences. Over the past year, the alarming increase in the discovery and exploitation of zero-click vulnerabilities in mobile operating systems drives this concern. … [Read more...]
Hackers Attempted To Takeover JavaScript Project From OpenJS Foundation
Attackers tried to take over the JavaScript project from OpenJS Foundation, which is home to JavaScript projects utilized by billions of websites globally. This is similar to the recently disclosed incident that targeted the open-source XZ Utils, tracked as CVE-2024-3094. The XZ Utils software supply chain breach was the outcome of a highly skilled social engineering … [Read more...]
LeakyCLI: New Vulnerability Exposes Credentials In AWS, Azure & Google Cloud
Multiple cloud service providers, including Google Cloud, AWS, and Azure, have been discovered with a new vulnerability that has been termed “LeakyCLI.” As the name suggests, the command-line interfaces of Google Cloud (Gcloud CLI), AWS (AWSCLI), and Azure (Azure CLI) expose sensitive information in the form of environment variables. This vulnerability was assigned CVE-2023-36052, and the … [Read more...]
How Secure Is Your Active Directory? 5 Critical Vulnerabilities to Watch Out For
Microsoft’s Active Directory (AD) serves as the central nervous system for your organization’s network. It guards company resources by ensuring that only authorized users have access to any given network and database sections. A well-designed AD structure is a fantastic way to safeguard the company against intended or unintended malicious employee actions and outside attacks that may have … [Read more...]
Data Center Ransomware Attacks on Rise: Microsoft SQL Server is Prime Target
Ransomware threats are increasingly targeting data center servers and workloads as the initial step in the attack chain. These systems may not be up-to-date with recommended patches, often run legacy applications without vendor security updates, or may not be scheduled for patch updates to maintain business continuity. As a result, data centers face a high risk of cyber attacks and … [Read more...]
Alert! Oracle Releases Critical Patch Update 2024 – 372 Vulnerabilities are Fixed
Oracle has released its Critical Patch Update (CPU) for April 2024, addressing 372 vulnerabilities across multiple products. The Critical Patch Update provides fixes for security flaws in widely-used Oracle products including Database Server, Fusion Middleware, Enterprise Manager, E-Business Suite, Supply Chain Products Suite, Siebel CRM, Oracle Sun Products, Java SE, and more. The update … [Read more...]
Hackers Exploiting TP-Link Archer Command Injection Vulnerability in the Wild
Cybersecurity researchers have uncovered widespread exploitation of a critical vulnerability in TP-Link Archer routers, which has led to the proliferation of botnet threats. The vulnerability, CVE-2023-1389, allows attackers to execute arbitrary commands on affected devices, potentially granting them access to sensitive information and the ability to hijack the devices for malicious … [Read more...]
Critical PHP Vulnerabilities Let Attackers Inject Commands : Patch Now
Multiple vulnerabilities have been identified in PHP that are associated with Command Injection, Cookie Bypass, Account takeover, and Denial of Service. The CVEs for these vulnerabilities have been given as CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757. The severity of these vulnerabilities is yet to be categorized. However, the latest version of PHP 8.3.6 has been released, … [Read more...]
NSA, CISA Released Guidance And Best Practices To Secure The AI
In an era where artificial intelligence (AI) systems are becoming increasingly integral to our daily lives, the National Security Agency’s Artificial Intelligence Security Center (NSA AISC) has taken a significant step forward in enhancing cybersecurity. The NSA AISC, in collaboration with several key agencies, including CISA, FBI, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK, has released a … [Read more...]
Multiple Juniper Networks Flaw Let Attackers Delete Files
The Juniper Networks-owned Junos OS has been discovered to have multiple vulnerabilities associated with Denial of Service (DoS), Path Traversal, and Cross-Site Scripting (XSS). These vulnerabilities have been assigned CVE-2024-30409, CVE-2020-1606, and CVE-2020-1607. The severity of these vulnerabilities ranges from 5.3 (Medium) to 7.5 (High). However, these … [Read more...]
Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group
In a digital age where information is the new currency, the recent global hack has once again highlighted the urgent need for enhanced cybersecurity measures. The breach was identified as Midnight Blizzard, from the Russian state-sponsored actor known as NOBELIUM. It has affected millions of individuals and government agencies worldwide, underscoring the far-reaching consequences of … [Read more...]
Hacker Customize LockBit 3.0 Ransomware To Attack Orgs Worldwide
Hackers leverage the LockBit 3.0 ransomware due to its sophisticated encryption functionalities, which enable them to successfully encrypt victims’ files and request a ransom in order to supply decryption keys. The stealthiness of LockBit 3.0 enhances the attack methods, which allow threat actors to have a better chance of successfully deploying ransomware by enabling them to trespass into … [Read more...]