06 Feb, 2025

Critical Cisco bug lets hackers add root users on SEG devices

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness […]

2 mins read

CrowdStrike update crashes Windows systems, causes outages worldwide

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. The glitch is affecting Windows workstations and servers, with users reporting massive outages that took offline entire companies and fleets of hundreds of thousands of computers. According to […]

7 mins read

Nearly 13 Million Australians Affected by MediSecure Attack

Personal and health data of almost 13 million Australians has been impacted by the cyber-attack on medical prescription provider MediSecure. Following an investigation of a dataset accessed by the attackers in May 2024, the company has determined that 12.9 million individuals who used the MediSecure prescription delivery service during the period of March 2019 to November […]

2 mins read

VMware, Adobe bugs exploited in active attacks as Cisco warns of critical ‘10.0’ flaw

VMware, SolarWinds and Adobe users are being warned that vulnerabilities found in each of the products are under active attack. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Impacted products include Adobe Commerce (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995) and VMware vCenter Server (CVE-2022-22948) CISA’s warning […]

2 mins read

MHTML Exploited By APT Group Void Banshee

Security experts have uncovered a critical remote code execution (RCE) vulnerability, identified as CVE-2024-38112, within the MHTML protocol handler.  This vulnerability, dubbed ZDI-CAN-24433, was reported from CVE-2024-38112 to Microsoft upon discovery (and later patched by the tech giant), with evidence suggesting it was actively exploited by the advanced persistent threat (APT) group Void Banshee.  Known […]

2 mins read

Kaspersky offers free security software for six months in U.S. goodbye

Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. The company decided to close its business and lay off employees in the U.S. after the U.S. government added Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and […]

3 mins read

Vulnerabilities exploited faster than ever, says Cloudflare

By the time you read this article, a zero-day CVE is likely getting exploited. According to researchers with Cloudflare, a newly disclosed vulnerability comes under attack at an average of 22 minutes. The internet backbone provider said attackers are more active than ever and are able to jump onto security vulnerabilities with malware exploits at […]

2 mins read

Email addresses of 15 million Trello users leaked on hacking forum

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists. In January, GeekFeed reported that a threat actor known as ’emo’ […]

3 mins read

Kaspersky is shutting down its business in the United States

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. Company also confirmed that it will lay off its U.S.-based employees. Independent cybersecurity journalist Kim Zetter first reported that this will affect “less than 50 employees in the U.S.” This comes after the U.S. Treasury Department’s […]

2 mins read

Attackers Exploit URL Protections to Disguise Phishing Links

Cybercriminals are abusing legitimate URL protection services to disguise malicious phishing links, Barracuda researchers have revealed. The firm observed phishing campaigns using three different URL protection services to mask phishing URLs and send victims to websites designed to harvest their credentials. The researchers believe these campaigns have targeted hundreds of companies to date, if not […]

3 mins read