Category: Uncategorized
-
88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack Eduard Kovacs
Orthopedics services provider Access Sports says the data of 88,000 people was stolen by cybercriminals. The post 88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack appeared first on SecurityWeek. Read More
-
Master Your PCI DSS v4 Compliance with Innovative Smart Approvals [email protected] (The Hacker News)
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection…
-
Data Stolen in Ransomware Attack That Hit Seattle Airport Ionut Arghire
The Port of Seattle, which operates the SEA Airport, has confirmed that the August outage was the result of a ransomware attack. The post Data Stolen in Ransomware Attack That Hit Seattle Airport appeared first on SecurityWeek. Read More
-
SolarWinds Patches Critical Vulnerability in Access Rights Manager Ionut Arghire
SolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager. The post SolarWinds Patches Critical Vulnerability in Access Rights Manager appeared first on SecurityWeek. Read More
-
Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure Eduard Kovacs
The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure. The post Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure appeared first on SecurityWeek. Read More
-
Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure [email protected] (The Hacker News)
Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical “threat intelligence” information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the…
-
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks [email protected] (The Hacker News)
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users’ credentials. “Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML…
-
Raisecom Gateway Command Injection (CVE-2024-7120)
What is the Attack?FortiGuard Labs observes attack attempts targeting certain models of Raisecom Gateway that are vulnerable to CVE-2024-7120. This attack can be initiated remotely and may lead to OS command injection. Exploit for this vulnerability has also been disclosed to the public.What is the recommended Mitigation?Currently we are unaware of any vendor-supplied patch or…
-
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability [email protected] (The Hacker News)
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518…
-
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)
What is the Vulnerability?An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must have admin level privileges to exploit the vulnerability tagged as CVE-2024-8190 and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and…