Latest Cybersecurity News and Articles
11 September 2024
. The ImageMagick vulnerability (CVE-2016-3714) could allow remote code execution through crafted images. Linux Kernel flaw (CVE-2017-1000253) enables privilege escalation for unpatched systems.
11 September 2024
The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country.
The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations.
The six men, aged between 32 and 42, are suspected of
11 September 2024
CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.
11 September 2024
A new survey highlights the relationship between connectivity and cybersecurity.
11 September 2024
OpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.
11 September 2024
Siemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9. 3 CVSS score.
11 September 2024
The HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.
11 September 2024
According to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5. 6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.
11 September 2024
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."
If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own
11 September 2024
The flaw, rated 7. 8 on the CVSS scale, involves a heap-based buffer overflow in the Desktop Window Manager core library, allowing attackers to execute arbitrary code with SYSTEM privileges.
11 September 2024
The initial infection involves downloading a malicious package containing a legit CapCut app, JamPlus utility, and a malicious script. The script triggers the download and execution of the final payload from a remote server.
11 September 2024
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
"The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said.
The activity has been assessed to be part of
11 September 2024
The agency is losing nearly a fifth of its cyber capacity annually due to a broken pay system, leading to increased costs with temporary labor and consultants making up over 10% of its budget.
11 September 2024
Zyxel has released critical hotfixes for its end-of-support NAS devices, NAS326 and NAS542, to address a severe command injection vulnerability (CVE-2024-6342) with a CVSS score of 9. 8.
11 September 2024
Checkmarx researchers discovered two XSS vulnerabilities on Gallup's polling site, which could allow attackers to access sensitive data, execute arbitrary code, or take over accounts.
11 September 2024
FreeBSD has issued an urgent security advisory for CVE-2024-43102, a critical vulnerability with a CVSS score of 10. This flaw in the _umtx_op system call can lead to a kernel panic or code execution, jeopardizing system security.
11 September 2024
This flaw affects the browser-based web app, enabling recipients to save pictures and videos that should disappear after being viewed. While the app prohibits users from taking screenshots, this bug circumvents that protection.
11 September 2024
The German cyber agency is investigating a phishing campaign linked to Russian state hackers APT28, who mimicked a well-known think tank's website. The hackers created a fake domain resembling the Kiel Institute for the World Economy.
11 September 2024
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.
The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech
11 September 2024
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution.
A brief description of the issues is as follows -
CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.