• Cybersecurity News

Hunt researchers have discovered a novel deployment of XenoRAT, an open-source remote access tool (RAT), leveraging Excel XLL files and advanced obfuscation methods. Known for targeting gamers and pos ... Read more

• The Hacker News

Vulnerability / Data Security Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersec ... Read more

• Cybersecurity News

Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution.Ghostscript, a widely used ... Read more

• TheCyberThrone

A new ransomware strain named Frag ransomware has been discovered during the series of cyberattacks involving exploiting a vulnerability in Veeam backup servers,  tracked as CVE-2024-40711This newly o ... Read more

• Cybersecurity News

A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges. This issue arises f ... Read more

• Cybersecurity News

The Frag ransom note | Image: SophosSophos X-Ops recently uncovered Frag ransomware in a series of cyberattacks exploiting a vulnerability in Veeam backup servers, designated CVE-2024-40711. This newl ... Read more

• BleepingComputer

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Fl ... Read more

• Cybersecurity News

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. This vulnerability, rated at CV ... Read more

• The Hacker News

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets ... Read more

• Cybersecurity News

The attack chain | Image: S-RMThe notorious Akira ransomware group continues to adapt and refine its methods, solidifying its position as one of the most significant threats in the cyber landscape. Ac ... Read more

• The Hacker News

Cybersecurity / Weekly Recap Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in l ... Read more

• The Register

in brief A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secur ... Read more

• TheCyberThrone

The US CISA has added Veeam Backup flaw to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.CVE-2024-40711 Veeam Backup and Replication contains a deserializati ... Read more

• The Cyber Express

GitHub has released a critical security advisory highlighting vulnerabilities that merit immediate action from users of GitHub Enterprise Server (GHES). The advisory focuses on a GitHub vulnerability ... Read more

• Cybersecurity News

The Ultimate Membership Pro plugin, a premium WordPress plugin widely used for managing membership subscriptions, has been found to contain two critical vulnerabilities, according to a report from Raf ... Read more

• The Cyber Express

Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Common Vulnerability Scoring System (CVSS) score of 9.8 ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizatio ... Read more

• Cybersecurity News

The Apache CloudStack project has announced the release of LTS security releases 4.18.2.4 and 4.19.1.2 to address four security vulnerabilities, including two rated as “Important.” CloudStack is a pop ... Read more

• TheCyberThrone

The Apache Software Foundation has released a security update for Apache Roller The vulnerability, tracked as CVE-2024-46911, a critical Cross-site Request Forgery (CSRF) vulnerability that could allo ... Read more

• security.nl

Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in Veeam Backup & Replication bij het uitvoeren van ransomware-aanvallen. Dat meldt antivirusbedrijf Sophos. Veaam kwam begin vorige maa ... Read more

• The Hacker News

Ransomware / Vulnerability Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos sa ... Read more

• Cybersecurity News

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for malicious ac ... Read more

• TheCyberThrone

Apache project releases patch for a vulnerability tracked as CVE-2024-47561, that impacts all versions of the software prior to 1.11.4.Apache Avro is a data serialization framework developed as part o ... Read more

• Cybersecurity News

Identity and access management giant, Okta, recently addressed a vulnerability that could have allowed malicious actors with valid credentials to bypass critical security measures. The vulnerability, ... Read more

• Cybersecurity News

A high-severity vulnerability (CVE-2024-5102) has been discovered in Avast Antivirus for Windows, potentially allowing attackers to gain elevated privileges and wreak havoc on users’ systems. This fla ... Read more

• Cybersecurity News

Cisco has issued a security advisory addressing a critical vulnerability (CVE-2024-20432) in its Nexus Dashboard Fabric Controller (NDFC). This flaw, which carries a severity rating of 9.9 out of 10 o ... Read more

• Cybersecurity News

Octopus Deploy, a leading continuous delivery platform used by thousands of software teams worldwide, has released a critical security update to address a severe vulnerability (CVE-2024-9194) in its O ... Read more

• europa.eu

Cyber Brief (September 2024)October 1, 2024 - Version: 1.0TLP:CLEARExecutive summaryWe analysed 269 open source reports for this Cyber Brief1.Relating to cyber policy and law enforcement, in Europe, l ... Read more

• Cybersecurity News

A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw ... Read more

• Cybersecurity News

The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more

• Cybersecurity News

Medusa ransomware ransom note | Image: Unit 42In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoi ... Read more

• Dark Reading

Source: Postmodern Studio via Alamy Stock PhotoA researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, used in Veeam's backup a ... Read more

• Cybersecurity News

The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-202 ... Read more

• Help Net Security

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploite ... Read more

• Help Net Security

Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zy ... Read more

• Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication software allows attackers to gain full control without authentication. Immediate updates are essential to protect sensitive data ... Read more

• Help Net Security

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Flo ... Read more

• The Cyber Express

Veeam has published a new Security Bulletin addressing multiple critical vulnerabilities across its suite of products. The Veeam security bulletin, identified as KB ID: 4649, includes updates on Veeam ... Read more

• Cybersecurity News

Please enable JavaScriptProgress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and loa ... Read more

• The Hacker News

Threat Prevention / Software Security Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could res ... Read more

• security.nl

Veeam back-upservers zijn via een kritieke kwetsbaarheid op afstand over te nemen en de fabrikant heeft een update uitgebracht om het probleem te verhelpen. In het verleden zijn soortgelijke kwetsbaar ... Read more

• BleepingComputer

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, S ... Read more

• TheCyberThrone

Several critical vulnerabilities have been discovered in Veeam Service Provider Console and Veeam Backup & Replication could allow attackers to gain unauthorized access, execute malicious code, and po ... Read more

• Cybersecurity News

A series of critical vulnerabilities have been discovered in Veeam Service Provider Console, a widely-used platform for managing data protection services in cloud and virtual environments. These vulne ... Read more

• Cybersecurity News

A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most se ... Read more