News
-
"CISA, FBI Urge Immediate Action on OS Command Injection Vulnerabilities in Network Devices"The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint alert about the exploitation of OS command injection vulnerabilities in network edge devices. -
"Huione Guarantee Marketplace Exposed as Front for Cybercrime"Cryptocurrency investigators at Elliptic have claimed a popular online marketplace in Southeast Asia is actually being used primarily by money launderers and fraudsters. -
"VMware Patches Critical SQL-Injection Flaw in Aria Automation"VMWare recently pushed out patches for a high-risk SQL injection vulnerability in its Aria Automation product and warned that an authenticated malicious user could target the flaw to manipulate databases. -
"NSA Joins in Releasing Case Studies Showing PRC Tradecraft in Action"The National Security Agency (NSA) joins the Australian Signals Directorate (ASD) and other agencies in publishing a Cybersecurity Advisory (CSA) titled "PRC MSS Tradecraft in Action." It delves into the tradecraft of a cyber actor group associat -
"Ransomware Groups Prioritize Defense Evasion for Data Exfiltration"Cisco Talos reports that ransomware attackers are increasingly focusing on defense evasion to boost dwell time in victim networks. -
"Citrix Patches Critical NetScaler Console Vulnerability"Cloud computing and virtualization software vendor Citrix recently released patches to fix multiple security vulnerabilities, including critical and high-severity issues, in its flagship NetScaler product line. -
"UCSC Students Discover, Help Patch Cybersecurity Flaw for Free Laundry"Alexander Sherbrooke, a first-year computer science and engineering student at UC Santa Cruz, explored the security of an Internet-connected laundry machine. -
"We Analyzed the Entire Web and Found a Cybersecurity Threat Lurking in Plain Sight"Researchers have found that clickable website links often lead to malicious destinations. Millions of "hijackable hyperlinks" have been found across the web, including on trusted websites. -
"Critical Vulnerability in the RADIUS Protocol Leaves Networking Equipment Open to Attack"The critical "BlastRADIUS" vulnerability in the RADIUS protocol exposes most networking equipment to Man-in-the-Middle (MitM) attacks. The vulnerability is hard to exploit, but an exploit could have serious consequences. -
"Avast Provides DoNex Ransomware Decryptor to Victims"According to the antivirus provider Avast, law enforcement organizations have been sharing decryptor keys with victims of the "DoNex" ransomware since March 2024. -
"Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks"Researchers have found that attackers can perform cryptocurrency mining using improperly configured Jenkins Script Console instances. -
"RCE Bug in Widely Used Ghostscript Library Now Exploited in Attacks"Attackers are exploiting a Remote Code Execution (RCE) vulnerability in a Linux-wide Ghostscript document conversion toolkit.