U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apache OFBiz Incorrect Authorization Vulnerability CVE-2024-38856 (CVSS score of 9.8) to its Known Exploited Vulnerabilities…
Tag: Security Affairs
Critical flaw in WPML WordPress plugin impacts 1M websites
A critical flaw in the WPML WordPress plugin, which is installed on 1 million websites, could allow potential compromise of affected sites. The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. An authenticated (Contributor+) Remote…
China-linked APT Volt Typhoon exploited a zero-day in Versa Director
China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director to upload a custom webshell in target networks. China-linked APT Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director, to deploy a custom webshell on…
Researchers unmasked the notorious threat actor USDoD
CrowdStrike researchers have identified the notorious hacker USDoD who is behind several high-profile data leaks. The notorious hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil, according to a CrowdStrike investigation. The news…
The Dutch Data Protection Authority (DPA) has fined Uber a record €290M
The Dutch Data Protection Authority (DPA) has fined Uber a record €290M for violating the EU data protection regulation while sending sensitive driver data to the U.S. The Dutch Data Protection Authority (DPA) has fined Uber €290 million ($324 million)…
Google addressed the tenth actively exploited Chrome zero-day this year
Google released emergency security updates to fix the tenth actively exploited Chrome zero-day vulnerability this year. Google released a security update to address a new Chrome zero-day vulnerability, tracked as CVE-2024-7965 (CVSS score 8.8), that is actively exploited. The vulnerability is…
SonicWall addressed an improper access control issue in its firewalls
SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. The vulnerability is…
A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport
A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted. Media reported that the Port of Seattle, which also operates the Seattle-Tacoma International Airport, has suffered a cyber attack…
Linux malware sedexp uses udev rules for persistence and evasion
Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Meet UULoader: An Emerging and Evasive Malicious Installer BlindEagle flying high in Latin America Finding Malware: Unveiling NUMOZYLOD with Google Security…