"Cisco Patches Critical Vulnerabilities in Smart Licensing Utility"

Cisco recently announced patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility and a medium-severity Identity Services Engine flaw for which proof-of-concept (PoC) code exists. According to Cisco, the Smart Licensing Utility bugs, tracked as CVE-2024-20439 and CVE-2024-20440 (CVSS score of 9.8), could allow remote, unauthenticated attackers to access sensitive information or log in as administrators.

Submitted by Adam Ekwall on

"Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack"

A new supply chain attack technique named "Revival Hijack" by the software supply chain security company JFrog has been used in the wild to infiltrate downstream organizations. The method could be used to hijack 22,000 existing Python Package Index (PyPI) packages, potentially resulting in "hundreds of thousands" of malicious downloads. It involves hijacking PyPI software packages by manipulating the option to re-register them once the original owner has removed them from the repository. This article continues to discuss the new Revival Hijack supply chain attack technique.

Submitted by Gregory Rigby on

"Hackers Inject Malicious JS in Cisco Store to Steal Credit Cards, Credentials"

Cisco's site for selling company-themed merchandise has temporarily been taken down due to hackers compromising it with JavaScript code that steals sensitive customer details entered at checkout. The researchers who discovered it say that it appears to be a "CosmicSting" attack in which threat actors inject HTML or JavaScript code in CMS blocks rendered in the checkout flow. This article continues to discuss the compromise of Cisco's store site by hackers through the injection of malicious JavaScript code.

Submitted by Gregory Rigby on

"Ransomware Attacks Escalate as Critical Sectors Struggle to Keep Up"

The frequency, severity, and costs of ransomware attacks continue to grow. Recent reports show rising attacks on healthcare, manufacturing, and other critical sectors. Organizations are often hit multiple times, and ransom payments rarely stop further disruption. Semperis' "2024 Ransomware Risk Report" found that 74 percent of victims were attacked multiple times in a year. This article continues to discuss key findings and observations regarding ransomware attacks.

Submitted by Gregory Rigby on

SecureWorld Denver

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."

SecureWorld Dallas

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."

SecureWorld St. Louis

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."

SecureWorld Detroit

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."

National Cyber Summit

"National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. NCS offers more value than similar cyber conferences with diverse focus-areas, premier speakers, and unmatched accessibility. Our core focus is on three things: education, collaboration and innovation."

InfoSec World 2024

"InfoSec World is the leading cybersecurity conference for security practitioners and executives. Now in its 30th year, InfoSec World has been known as the “Business of Security” conference—featuring expert insights, enlightening keynotes, and interactive breakout sessions that inform, engage, and connect the infosec community. This event provides participants with essential tools and solutions to better prevent, detect and respond to today’s security challenges."
