Recent Security News
-
Critical Cisco Unified Communications RCE Bug Allows Root Access
January 25, 2024 at 12:59PM A new critical bug (CVE-2024-20253, 9.9 CVSS) in Cisco UC/CC solutions poses an unauthenticated remote code execution risk. Attackers can exploit the bug through specially crafted messages, potentially leading to data breaches, service disruption, and unauthorized system access. Cisco has issued patches and recommended interim measures to mitigate the vulnerability.…
-
‘CherryLoader’ Malware Allows Serious Privilege Execution
January 25, 2024 at 12:52PM Researchers have detected a threat actor utilizing a new, sophisticated downloader named “CherryLoader” to gain admin-level access on systems. The attacker also utilized privilege escalation tools from the “potato” family. CherryLoader’s notable feature is its ability to swap payloads without recompiling code, enhancing flexibility and evading detection. Based on the…
-
In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS
January 25, 2024 at 12:48PM The text highlights the challenges faced by modern organizations with MPLS, citing its outdated design, high costs, and limitations in service level agreements. It discusses the potential replacement of MPLS with alternatives such as the internet, SD-WAN, and Secure Access Service Edge (SASE), emphasizing the benefits and growing adoption of…
-
Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers
January 25, 2024 at 11:55AM A loophole in Google Kubernetes Engine (GKE) authentication allows external attackers with Google accounts to access private Kubernetes clusters, posing serious security risks. Orca Security discovered the issue, named Sys:All, which grants unauthorized access by mistakenly binding overly permissive roles to the “system:authenticated” group. Google has taken steps to mitigate…
-
$1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis
January 25, 2024 at 11:48AM In 2023, $1.7 billion in cryptocurrency was stolen, down from $3.7 billion in 2022. Decentralized financial systems (DeFi) were targeted, with $1.1 billion stolen, a 64% decrease. North Korean hackers stole slightly over $1 billion, with the number of attacks increasing. Cybersecurity measures are improving, with better collaboration between crypto…