Category: Uncategorized
-
US Transportation and Logistics Firms Targeted With Infostealers, Backdoors Ionut Arghire
A malicious campaign is targeting transportation and logistics organizations in North America with various malware families. The post US Transportation and Logistics Firms Targeted With Infostealers, Backdoors appeared first on SecurityWeek. Read More
-
Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks Torsten George
As organizations have fortified their defenses against direct network attacks, hackers have shifted their focus to exploiting vulnerabilities in the supply chain to gain backdoor access to systems. The post Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks appeared first on SecurityWeek. Read More
-

EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization? [email protected] (The Hacker News)
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t have the time –…
-

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware [email protected] (The Hacker News)
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack designed to harvest sensitive information for over a year and a half. French cybersecurity firm Sekoia, which disclosed details of the campaign dubbed SilentSelfie, described the intrusion set as long-running, with first signs of infection…
-
Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks Eduard Kovacs
Unsophisticated methods can still be used to hack ICS/OT — even so, many cyberattack claims are likely exaggerated. The post Israeli Group Claims Lebanon Water Hack as CISA Reiterates Warning on Simple ICS Attacks appeared first on SecurityWeek. Read More
-

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities [email protected] (The Hacker News)
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. “Between late 2022 to present, SloppyLemmingRead More
-

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign [email protected] (The Hacker News)
Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow…
-
Apache HugeGraph-Server Improper Access Control Vulnerability (CVE-2024-27348)
What is the Vulnerability?CVE-2024-27348 is a remote code execution (RCE) vulnerability affecting Apache HugeGraph-Server. HugeGraph is a versatile graph database that integrates seamlessly with the Apache TinkerPop3 framework and the Gremlin query language, making it the first graph database project under the Apache umbrella.This vulnerability in particular allows unauthenticated attackers to execute arbitrary operating system…
-
OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company Associated Press
Mira Murati, who served a few days as its interim CEO during a period of turmoil last year, said she’s leaving the artificial intelligence company. The post OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company appeared first on SecurityWeek. Read More
-

Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% [email protected] (The Hacker News)
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the…
