Category: Uncategorized
-
The future of hybrid cloud: What to expect in 2025 and beyond
Post ContentRead More
-

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft [email protected] (The Hacker News)
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into…
-

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials [email protected] (The Hacker News)
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to…
-

North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign [email protected] (The Hacker News)
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities intoRead More
-

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia [email protected] (The Hacker News)
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024. “Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code,”…
-

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately [email protected] (The Hacker News)
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OSRead…
-

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks [email protected] (The Hacker News)
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. “These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettingsRead More
-

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization [email protected] (The Hacker News)
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses…
-

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts [email protected] (The Hacker News)
A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications,…
-

Ruijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks [email protected] (The Hacker News)
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. “These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices,” Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. “The…
