19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519
https://gbhackers.com/zimbra-installations-code-execution-attack/
https://gbhackers.com/zimbra-installations-code-execution-attack/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks
A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks.
🔥1
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/169437/security/u-s-cisa-adds-synacor-zimbra-collaboration-flaw-to-its-known-exploited-vulnerabilities-catalog.html
https://securityaffairs.com/169437/security/u-s-cisa-adds-synacor-zimbra-collaboration-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Security Affairs
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration bug to its Known Exploited Vulnerabilities catalog
🔥2
Man pleads guilty to stealing over $37 Million worth of cryptocurrency
https://securityaffairs.com/169447/cyber-crime/man-pleads-guilty-37-million-cryptocurrency-theft.html
https://securityaffairs.com/169447/cyber-crime/man-pleads-guilty-37-million-cryptocurrency-theft.html
Security Affairs
Man pleads guilty to stealing over $37 Million worth of cryptocurrency
A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack.
🔥1
Argus – The Ultimate Python Toolkit For Advanced Network Reconnaissance
https://kalilinuxtutorials.com/argus/
https://kalilinuxtutorials.com/argus/
Kali Linux Tutorials
Argus - The Ultimate Python Toolkit For Advanced Network
Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance.
SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities
https://kalilinuxtutorials.com/sharpexclusionfinder/
https://kalilinuxtutorials.com/sharpexclusionfinder/
Kali Linux Tutorials
SharpExclusionFinder - Streamlining Windows Defender Exclusion
This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool (MpCmdRun.exe).
CSP Bypass: A New Open-Source Tool for Ethical Hackers to Overcome Content Security Policies
https://securityonline.info/csp-bypass-a-new-open-source-tool-for-ethical-hackers-to-overcome-content-security-policies/
https://securityonline.info/csp-bypass-a-new-open-source-tool-for-ethical-hackers-to-overcome-content-security-policies/
Cybersecurity News
CSP Bypass: A New Open-Source Tool for Ethical Hackers to Overcome Content Security Policies
Introducing CSP Bypass, the open-source tool for ethical hackers and security researchers to identify and bypass Content Security Policies (CSPs) and exploit XSS vulnerabilities.
Kaspersky apps are no longer available on Google Play: what to do? | Kaspersky official blog
https://www.kaspersky.com/blog/kaspersky-apps-removed-from-google-play/52254/
https://www.kaspersky.com/blog/kaspersky-apps-removed-from-google-play/52254/
Kaspersky official blog
Kaspersky apps are no longer available on Google Play: what to do?
Kaspersky apps have been removed from Google Play: what does this mean for users, do the apps still work, and how to get and update them now.
Cacti Network Monitoring Tool Patches Security Flaws, Including RCE Vulnerability
https://securityonline.info/cacti-network-monitoring-tool-patches-security-flaws-including-rce-vulnerability/
https://securityonline.info/cacti-network-monitoring-tool-patches-security-flaws-including-rce-vulnerability/
Cybersecurity News
Cacti Network Monitoring Tool Patches Security Flaws, Including RCE Vulnerability
Stay secure with the latest update for Cacti. Version 1.2.28 addresses critical vulnerabilities, including CVE-2024-43363, a Remote Code Execution flaw.
Awaken Likho is awake: new techniques of an APT group
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Securelist
Analyzing the Awaken Likho APT group implant: new tools and techniques
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
Qualcomm Patched Multi Flaws, Including 0-day CVE-2024-43047 & RCE (CVE-2024-33066, CVSS 9.8)
https://securityonline.info/qualcomm-patched-multi-flaws-including-0-day-cve-2024-43047-rce-cve-2024-33066-cvss-9-8/
https://securityonline.info/qualcomm-patched-multi-flaws-including-0-day-cve-2024-43047-rce-cve-2024-33066-cvss-9-8/
Cybersecurity News
Qualcomm Patched Multi Flaws, Including 0-day CVE-2024-43047 & RCE (CVE-2024-33066, CVSS 9.8)
Stay protected from critical vulnerabilities with Qualcomm's October 2024 Security Bulletin. Learn about CVE-2024-43047 and other risks to your device's security.
Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers
https://gbhackers.com/microsoft-doj-dismantles-hundreds-of-websites/
https://gbhackers.com/microsoft-doj-dismantles-hundreds-of-websites/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers
Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group.
Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code
https://gbhackers.com/cacti-network-monitoring-tool-vulnerability/
https://gbhackers.com/cacti-network-monitoring-tool-vulnerability/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code
Cacti Network Monitoring Tool Vulnerability has been identified in the monitoring tool, which could allow attackers to execute remote code.
RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files
https://gbhackers.com/cve-2024-30052-visual-studio-exploit/
https://gbhackers.com/cve-2024-30052-visual-studio-exploit/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files
The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities
Critical Apache Avro SDK RCE flaw impacts Java applications
https://securityaffairs.com/169469/security/apache-avro-java-sdk-critical-flaw.html
https://securityaffairs.com/169469/security/apache-avro-java-sdk-critical-flaw.html
Security Affairs
Critical Apache Avro SDK RCE flaw impacts Java applications
A critical flaw in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances
FBCS data breach impacted 238,000 Comcast customers
https://securityaffairs.com/169478/data-breach/fbcs-data-breach-impacted-238000-comcast-customers.html
https://securityaffairs.com/169478/data-breach/fbcs-data-breach-impacted-238000-comcast-customers.html
Security Affairs
FBCS data breach impacted 238,000 Comcast customers
238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports.
7th October– Threat Intelligence Report
https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/
https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/
Check Point Research
7th October– Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 7th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Chinese state-sponsored hackers, dubbed “Salt Typhoon”, infiltrated US telecom companies such as Verizon,…
Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html
https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html
Security Affairs
Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv's hackers.
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
BleepingComputer
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports.
Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection
https://gbhackers.com/hybrid-analysis-utilizes-criminal-ips-robust-domain-data/
https://gbhackers.com/hybrid-analysis-utilizes-criminal-ips-robust-domain-data/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection
Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform.
American Water shuts down online services after cyberattack
https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/
https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/
BleepingComputer
American Water shuts down online services after cyberattack
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack.