Apache fixes critical OFBiz remote code execution vulnerability
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
BleepingComputer
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)
https://securityonline.info/openstack-ironic-users-urged-to-patch-critical-vulnerability-cve-2024-44082/
https://securityonline.info/openstack-ironic-users-urged-to-patch-critical-vulnerability-cve-2024-44082/
Cybersecurity News
OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)
Critical security flaw in OpenStack's Ironic project (CVE-2024-44082) exposes sensitive data. Learn more about the vulnerability and its impact.
Bitcoin ATM Scams Surge with Over $110 Million in Losses in 2023
https://securityonline.info/bitcoin-atm-scams-surge-with-over-110-million-in-losses-in-2023/
https://securityonline.info/bitcoin-atm-scams-surge-with-over-110-million-in-losses-in-2023/
Cybersecurity News
Bitcoin ATM Scams Surge with Over $110 Million in Losses in 2023
Beware of Bitcoin ATM scams. The FTC reveals alarming figures—over $110 million lost in 2023 alone. Learn how criminals exploit these decentralized machines.
DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress
https://securityonline.info/darkcracks-a-new-stealthy-malware-framework-exploiting-glpi-and-wordpress/
https://securityonline.info/darkcracks-a-new-stealthy-malware-framework-exploiting-glpi-and-wordpress/
Cybersecurity News
DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress
Uncover the advanced malware campaign known as DarkCracks. Learn how it exploits vulnerabilities in GLPI and WordPress websites for stealthy control.
CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access
https://securityonline.info/cve-2024-7012-cvss-9-8-critical-foreman-flaw-exposes-red-hat-satellite-to-unauthorized-access/
https://securityonline.info/cve-2024-7012-cvss-9-8-critical-foreman-flaw-exposes-red-hat-satellite-to-unauthorized-access/
Cybersecurity News
CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access
Learn about the critical vulnerability, CVE-2024-7012, in Foreman. Discover how this flaw could enable unauthorized access to Red Hat Satellite.
Black Basta’s Evolving Tactics and the Rising Role of LLMs in Cyber Attack
https://securityonline.info/black-bastas-evolving-tactics-and-the-rising-role-of-llms-in-cyber-attack/
https://securityonline.info/black-bastas-evolving-tactics-and-the-rising-role-of-llms-in-cyber-attack/
Cybersecurity News
Black Basta's Evolving Tactics and the Rising Role of LLMs in Cyber Attack
Discover the tactics of Black Basta, one of the most dangerous extortion groups. Explore the use of large language models in cybersecurity.
Critical Flaws in Veeam ONE Expose Systems to RCE (CVE-2024-42024) and Credential Theft (CVE-2024-42019)
https://securityonline.info/critical-flaws-in-veeam-one-expose-systems-to-rce-cve-2024-42024-and-credential-theft-cve-2024-42019/
https://securityonline.info/critical-flaws-in-veeam-one-expose-systems-to-rce-cve-2024-42024-and-credential-theft-cve-2024-42019/
Cybersecurity News
Critical Flaws in Veeam ONE Expose Systems to RCE (CVE-2024-42024) and Credential Theft (CVE-2024-42019)
Stay protected from critical vulnerabilities in Veeam ONE. Learn about CVE-2024-42024 & CVE-2024-42019 and the risks it poses to your virtual and data protection environments.
North Korean Hackers Launch Job Interview Scam to Deploy BeaverTail and InvisibleFerret Malware
https://securityonline.info/north-korean-hackers-launch-job-interview-scam-to-deploy-beavertail-and-invisibleferret-malware/
https://securityonline.info/north-korean-hackers-launch-job-interview-scam-to-deploy-beavertail-and-invisibleferret-malware/
Cybersecurity News
North Korean Hackers Launch Job Interview Scam to Deploy BeaverTail and InvisibleFerret Malware
Protect yourself from the BeaverTail malware and InvisibleFerret backdoor used by Lazarus Group. Learn how the Contagious Interview campaign targets blockchain professionals and job seekers through deceptive tactics.
MuddyWater’s Sneaky New Tactic: Hijacking RMM Software for Espionage
https://securityonline.info/muddywaters-sneaky-new-tactic-hijacking-rmm-software-for-espionage/
https://securityonline.info/muddywaters-sneaky-new-tactic-hijacking-rmm-software-for-espionage/
Cybersecurity News
MuddyWater's Sneaky New Tactic: Hijacking RMM Software for Espionage
Discover the alarming tactics of the MuddyWater hacking group. Find out how they exploit legitimate software in their attacks.
CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster
https://securityonline.info/cve-2024-7591-cvss-10-critical-vulnerability-discovered-in-progress-loadmaster/
https://securityonline.info/cve-2024-7591-cvss-10-critical-vulnerability-discovered-in-progress-loadmaster/
Cybersecurity News
CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster
Critical vulnerability (CVE-2024-7591) in Progress LoadMaster ADC and load balancer. Learn how unauthenticated, remote attackers can execute system commands.
CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-systems-at-risk-of-root-compromise/
https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-systems-at-risk-of-root-compromise/
Daily CyberSecurity
CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
The security researchers have disclosed technical details and PoC exploit code for a CVE-2024-26581 vulnerability within the Linux kernel
Veeam fixed a critical flaw in Veeam Backup & Replication software
https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html
https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html
Security Affairs
Veeam fixed a critical flaw in Veeam Backup & Replication software
Veeam addressed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
Russia-linked GRU Unit 29155 targeted critical infrastructure globally
https://securityaffairs.com/168095/cyber-warfare-2/russia-gru-unit-29155-critical-infrastructure.html
https://securityaffairs.com/168095/cyber-warfare-2/russia-gru-unit-29155-critical-infrastructure.html
Security Affairs
Russia-linked GRU Unit 29155 targeted critical infrastructure globally
The US and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks.
Apache fixed a new remote code execution flaw in Apache OFBiz
https://securityaffairs.com/168106/security/apache-ofbiz-rce-cve-2024-45195.html
https://securityaffairs.com/168106/security/apache-ofbiz-rce-cve-2024-45195.html
Security Affairs
Apache fixed a new remote code execution flaw in Apache OFBiz
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system.
SonicWall Confirms Critical CVE-2024-40766 Vulnerability Actively Exploited in the Wild
https://securityonline.info/sonicwall-confirms-critical-cve-2024-40766-vulnerability-actively-exploited-in-the-wild/
https://securityonline.info/sonicwall-confirms-critical-cve-2024-40766-vulnerability-actively-exploited-in-the-wild/
Cybersecurity News
SonicWall Confirms Critical CVE-2024-40766 Vulnerability Actively Exploited in the Wild
Stay informed about the active exploitation of CVE-2024-40766. Discover how this critical access control vulnerability in SonicOS can compromise your security.
How cybercriminals attack young gamers: the most common and dangerous scams | Kaspersky official blog
https://www.kaspersky.com/blog/how-scammers-attack-young-gamers-2024/52099/
https://www.kaspersky.com/blog/how-scammers-attack-young-gamers-2024/52099/
Kaspersky official blog
How cybercriminals attack young gamers: the most common and dangerous scams
Our new report investigates cyberthreats aimed at child gamers.
U.S. Offers $10 Million Reward for Information on GRU Hackers Targeting Critical Infrastructure
https://securityonline.info/u-s-offers-10-million-reward-for-information-on-gru-hackers-targeting-critical-infrastructure/
https://securityonline.info/u-s-offers-10-million-reward-for-information-on-gru-hackers-targeting-critical-infrastructure/
Cybersecurity News
U.S. Offers $10 Million Reward for Information on GRU Hackers Targeting Critical Infrastructure
$10 million reward for information on GRU hackers. Help identify the Russian military intelligence officers behind major cyberattacks.
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
https://blog.talosintelligence.com/vulnerability-in-tencent-wechat-custom-browser-could-lead-to-remote-code-execution/
https://blog.talosintelligence.com/vulnerability-in-tencent-wechat-custom-browser-could-lead-to-remote-code-execution/
Cisco Talos Blog
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.
👍1
Critical Infrastructure and Ransomware
https://security.packt.com/critical-infrastructure-and-ransomware/
https://security.packt.com/critical-infrastructure-and-ransomware/
Packt SecPro
Critical Infrastructure and Ransomware - Packt SecPro
Critical infrastructure plays a vital role in our daily lives. It encompasses the essential systems and services that support the functioning of society. From power plants to water treatment facilities, critical infrastructure ensures that communities have…
The 2024 Threat Landscape State of Play
https://blog.talosintelligence.com/the-2024-threat-landscape-state-of-play/
https://blog.talosintelligence.com/the-2024-threat-landscape-state-of-play/
Cisco Talos Blog
The 2024 Threat Landscape State of Play
Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.
Red Team vs. Blue Team: Strategies for Advanced Penetration Testing
https://medium.com/purple-team/red-team-vs-blue-team-strategies-for-advanced-penetration-testing-cc54d7c3e50a?source=rss----d208c28825c7---4
https://medium.com/purple-team/red-team-vs-blue-team-strategies-for-advanced-penetration-testing-cc54d7c3e50a?source=rss----d208c28825c7---4
Medium
Red Team vs. Blue Team: Strategies for Advanced Penetration Testing
As cybersecurity threats evolve in complexity and scale, the traditional approach to defending an organization’s digital assets has become…