Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote […]
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary […]
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s […]
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to […]
Google’s mysterious ‘search.app’ links leave Android users concerned
Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious “search.app” domain. As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to […]
North Korean hackers use new macOS malware against crypto firms
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel […]
CISA warns of critical Palo Alto Networks bug exploited in attacks
Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition […]
HPE warns of critical RCE flaws in Aruba Networking access points
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are […]
Nokia says hackers leaked third-party app source code
Nokia’s investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted. The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor’s […]
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud. The mandatory MFA rollout will affect both admins and any […]