Ransomware groups such as BianLian and Rhysida are now exploiting Microsoft Azure tools like Storage Explorer and AzCopy to steal data from compromised networks and store it in Azure Blob storage. This article has been indexed from Cyware News –…
Tag: Cyware News – Latest Cyber News
Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication
Security researcher Sina Kheirkhah has published a PoC exploit for CVE-2024-40711 in Veeam Backup & Replication, a critical vulnerability with a CVSS score of 9.8. The flaw allows unauthenticated RCE, posing a threat to enterprise environments. This article has been…
GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
GitLab has released a critical security patch for the CVE-2024-45409 vulnerability (CVSS 10). It impacts both GitLab Community Edition (CE) and Enterprise Edition (EE) and originates from the Ruby-SAML library used for SAML authentication. This article has been indexed from…
Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later
Approximately nine percent of tested firmware images use non-production cryptographic keys that are publicly known, making Secure Boot devices vulnerable to UEFI bootkit malware attacks. This article has been indexed from Cyware News – Latest Cyber News Read the original…
CISA Urges Software Developers to Weed Out XSS Vulnerabilities
The CISA and the FBI recommended software developers to implement rigorous validation, sanitization, and input escaping to prevent malicious script injections and data manipulation. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
Red Hat OpenShift Receives Patches for Two Critical Flaws
Red Hat OpenShift, a popular hybrid cloud platform with robust security features, is facing two critical vulnerabilities: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1). This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
US Indicts Chinese National for Phishing for NASA Tech
Prosecutors allege that Chinese national Wu Song targeted US academics and engineers to obtain applications used in aerospace engineering and fluid dynamics, which could be used for developing missiles and weapons. This article has been indexed from Cyware News –…
Data Theft Risk in Salesforce by Manipulating Public Links
The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII). This article has been indexed from Cyware News – Latest Cyber News…
Valid Accounts Remain Top Access Point for Critical Infrastructure Attacks, Officials Say
Valid account abuse remains a top entry point for critical infrastructure attacks, with the CISA reporting that 2 in 5 successful intrusions last year were attributed to this method. This article has been indexed from Cyware News – Latest Cyber…
Construction Companies Potentially Vulnerable Through Accounting Software
Cybersecurity firm Huntress reported that attackers search for publicly accessible installations of Foundation software on the internet and then attempt to gain administrative access by trying combinations of default usernames and passwords. This article has been indexed from Cyware News…