After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Florian Hauser found that the vulnerability (tracked as CVE-2024-40711) is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to gain remote […]
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary […]
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s […]
Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to […]
Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious “search.app” domain. As the Google app is a popular portal for searching the web for Android users and delivers a personalized content news feed referred to […]
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel […]
Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition […]
The Canadian government has ordered the dissolution of TikTok Technology Canada following a multi-step review that provided information and evidence of the social media company posing a national risk. The decision also considered advice of Canada’s security and intelligence community as well as other government partners. It does not ban Canadian users’ access to the TikTok […]
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are […]
Nokia’s investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted. The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor’s […]
