Category: Uncategorized
-
Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People Ionut Arghire
Financial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information. The post Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People appeared first on SecurityWeek. Read More
-

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover [email protected] (The Hacker News)
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine,” AustralianRead More
-
Hackers Claim to Have Infiltrated Belarus’ Main Security Service Associated Press
A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees. The post Hackers Claim to Have Infiltrated Belarus’ Main Security Service appeared first on SecurityWeek. Read More
-

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks [email protected] (The Hacker News)
Identity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by “the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and…
-

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw [email protected] (The Hacker News)
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file (“signal-2023-12-20-160512.ppsx”) as the starting point, withRead More
-

Bogus npm Packages Used to Trick Software Developers into Installing Malware [email protected] (The Hacker News)
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. “During these fraudulent interviews, the developers are often askedRead More
-
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system…
-
Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices Ionut Arghire
A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices. The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek. Read More
-

Severe Flaws Disclosed in Brocade SANnav SAN Management Software [email protected] (The Hacker News)
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,Read More
-
Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day Ionut Arghire
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek. Read More
