Category: Uncategorized
-
Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919)
What is the attack?A zero-day vulnerability affecting Check Point Security Gateways is being exploited by attackers to gain remote access. The vulnerability can allow an attacker to read sensitive information on Check Point Security Gateways enabled with remote Access VPN or Mobile Access Software Blades. Check Point issued an advisory on Monday, warning that threat…
-

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate…
-

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine [email protected] (The Hacker News)
Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. “The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to open malicious files via debt-themed lures,” Cloudflare’s threat intelligence team Cloudforce OneRead…
-
Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero Ryan Naraine
Cloudlfare acquires Boston seed-stage startup BastionZero to bolster its Zero Trust Network Access technology portfolio. The post Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero appeared first on SecurityWeek. Read More
-
Microsoft’s Windows Recall: Cutting-Edge Search Tech or Creepy Overreach? Ryan Naraine
SecurityWeek editor-at-large Ryan Naraine examines the broad tension between tech innovation and privacy rights at a time when ChatGPT-like bots and generative-AI apps are starting to dominate the landscape. The post Microsoft’s Windows Recall: Cutting-Edge Search Tech or Creepy Overreach? appeared first on SecurityWeek. Read More
-

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors [email protected] (The Hacker News)
A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. “The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data…
-
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors Ionut Arghire
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek. Read More
-

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability [email protected] (The Hacker News)
The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and…
-
NIST Getting Outside Help for National Vulnerability Database Eduard Kovacs
NIST is receiving support to get the NVD and CVE processing back on track within the next few months. The post NIST Getting Outside Help for National Vulnerability Database appeared first on SecurityWeek. Read More
-
Law enforcement conducts ‘largest ever’ botnet takedown
Post ContentRead More
