• Cybersecurity News

Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution.Ghostscript, a widely used ... Read more

• Cybersecurity News

Unit 42 researchers have detected renewed activity from a notorious financially motivated threat actor known as Silent Skimmer. This cybercriminal group, first identified in 2023, had seemingly faded ... Read more

• BleepingComputer

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Fl ... Read more

• Cybersecurity News

Hikvision, a leading provider of network cameras and surveillance systems, has released firmware updates to address a security vulnerability that could expose users’ Dynamic DNS credentials. The vulne ... Read more

• Cybersecurity News

Microsoft announced the general availability of Inbound SMTP DANE with DNSSEC for Exchange Online, marking a significant step forward in email security. This powerful feature combines two robust secur ... Read more

• Cybersecurity News

Attach chain | Image: Trend MicroIn a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim r ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two actively exploited vulnerabilities affecting Cisco networking devices and the popular Roundcube ... Read more

• The Hacker News

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets ... Read more

• Cybersecurity News

Hikvision, a leading provider of AIoT and video surveillance solutions, has disclosed three vulnerabilities affecting its HikCentral Master Lite and HikCentral Professional software. These flaws could ... Read more

• The Cyber Express

Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Common Vulnerability Scoring System (CVSS) score of 9.8 ... Read more

• Cybersecurity News

A new analysis by security researcher Michael Stepankin (@artsploit) of the GitHub Security Lab (GHSL) has uncovered a critical vulnerability in pac4j, a widely-used Java security framework. This vuln ... Read more

• Cybersecurity News

A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit th ... Read more

• TheCyberThrone

A critical security vulnerability has been discovered in the Grafana Plugin SDK for Go, that  could lead to the inadvertent leakage of sensitive information, including repository credentials.The vulne ... Read more

• TheCyberThrone

A critical vulnerability has been disclosed affecting FreeBSD’s bhyve hypervisor. If exploited, this flaw could allow malicious code execution, posing a serious threat to systems running vulnerable ve ... Read more

• Cybersecurity News

The latest vulnerability disclosure identifies a significant security flaw in the Microchip Advanced Software Framework (ASF), specifically within its tinydhcp server implementation. This vulnerabilit ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more

• TheCyberThrone

Acronis has released an advisory for a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and DirectAdmin.The vulnerability, tracked as C ... Read more

• TheCyberThrone

Nigerian ngCERT has issued an urgent warning of ransomware groups actively targeting critical systems by exploiting the vulnerability tracked as CVE-2023-27532 in Veeam Backup and Replication software ... Read more

• Cybersecurity News

The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more

• Cybersecurity News

Medusa ransomware ransom note | Image: Unit 42In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoi ... Read more

• Cybersecurity News

The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more

• Cybersecurity News

Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more

• Cybersecurity News

Screenshot of the sample found on the VirusTotal platformCybersecurity analysts at Group-IB have uncovered a sophisticated malware campaign targeting bank customers in Central Asia. Dubbed “Ajina.Bank ... Read more

• Dark Reading

Source: Mark Brandon via ShutterstockA cybercriminal group — or individual — known as "CosmicBeetle" is exploiting vulnerabilities in technologies used by small businesses in Turkey, as well as Spain, ... Read more

• Cybersecurity News

Encryption scheme utilized by the latest ScRansom samples | Image: ESETIn a significant development tracked by ESET researchers, the threat actor known as CosmicBeetle has intensified its ransomware o ... Read more

• The Hacker News

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South Amer ... Read more

• BleepingComputer

The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomH ... Read more

• Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication software allows attackers to gain full control without authentication. Immediate updates are essential to protect sensitive data ... Read more

• Help Net Security

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Flo ... Read more

• Cybersecurity News

System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that ... Read more

• Cybersecurity News

Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024- ... Read more

• Cybersecurity News

The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6 ... Read more

• Cybersecurity News

Indonesian government agencies have fallen victim to a large-scale cyberattack orchestrated by the Brain Cipher ransomware group. On June 20, 2024, hackers dealt a severe blow to the country’s critica ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding four critical security vulnerabilities impacting Microsoft Exchange Server, the Linux kernel, and Da ... Read more