cybersecurity
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness […]
CrowdStrike update crashes Windows systems, causes outages worldwide
A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. The glitch is affecting Windows workstations and servers, with users reporting massive outages that took offline entire companies and fleets of hundreds of thousands of computers. According to […]
VMware, Adobe bugs exploited in active attacks as Cisco warns of critical ‘10.0’ flaw
VMware, SolarWinds and Adobe users are being warned that vulnerabilities found in each of the products are under active attack. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Impacted products include Adobe Commerce (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995) and VMware vCenter Server (CVE-2022-22948) CISA’s warning […]
Vulnerabilities exploited faster than ever, says Cloudflare
By the time you read this article, a zero-day CVE is likely getting exploited. According to researchers with Cloudflare, a newly disclosed vulnerability comes under attack at an average of 22 minutes. The internet backbone provider said attackers are more active than ever and are able to jump onto security vulnerabilities with malware exploits at […]
Email addresses of 15 million Trello users leaked on hacking forum
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists. In January, GeekFeed reported that a threat actor known as ’emo’ […]
Attackers Exploit URL Protections to Disguise Phishing Links
Cybercriminals are abusing legitimate URL protection services to disguise malicious phishing links, Barracuda researchers have revealed. The firm observed phishing campaigns using three different URL protection services to mask phishing URLs and send victims to websites designed to harvest their credentials. The researchers believe these campaigns have targeted hundreds of companies to date, if not […]
NATO Set to Build New Cyber Defense Center
NATO’s members have agreed to the construction of a new cyber-defense facility designed to help the military alliance build resilience and better respond to digital threats. As the alliance celebrated its 75th anniversary with a summit in Washington DC from 9 to 11 July, it revealed plans for a new NATO Integrated Cyber Defence Centre […]
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now patched by Microsoft, did not require any authentication, setting it apart from the previously discovered CVE-2024-30103, which required at least an NTLM token. If exploited, CVE-2024-38021 could lead to data breaches, unauthorized access and […]
BlastRADIUS bug puts most networking devices at risk
A newly discovered flaw in the RADIUS networking protocol has the industry recognizing that a standard set in 1997 is now in need of an upgrade — even while researchers warn that well-funded state-sponsored attackers can exploit the flaw to bypass multi-factor authentication (MFA) and gain network access. In a July 9 blog post, researchers […]
Victims of cyber extortion and ransomware increase in 2024
More than 4,000 new victims of ransomware were recorded over the past 12 months. According to research by Orange Cyberdefense, there was a 77% year-on-year growth from 2023 with 4,374 new victims detected in 75% of countries monitored. In the first quarter of 2024, there were 1,046 victims hit by 43 different threat actors. Speaking […]