Recent Security News
-
Fintech Company EquiLend Restoring Systems Following Cyberattack
January 25, 2024 at 11:48AM EquiLend, a Wall Street fintech firm, is working to restore its systems after a cyberattack. The attack resulted in portions of the company’s systems being taken offline, prompting EquiLend to launch an investigation and work with external cybersecurity firms to restore services. The nature and extent of the attack, as…
-
Cisco Patches Critical Vulnerability in Enterprise Collaboration Products
January 25, 2024 at 11:48AM Cisco announced security updates to address a critical-severity vulnerability (CVE-2024-20253, CVSS 9.9) affecting multiple Unified Communications and Contact Center Solutions products. The flaw could allow attackers to execute arbitrary commands with system privileges. Cisco advises immediate patching and mitigation using access control lists. Medium-severity flaws in Business 250/350 series switches…
-
Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive
January 25, 2024 at 11:48AM The Pwn2Own Automotive hacking contest at the Automotive World conference in Tokyo has concluded its second day, with overall earnings exceeding $300,000. The Synacktiv team leads with $430,000, notably earning for exploiting Tesla systems. Additional awards were granted to other successful hacking attempts. Day three will involve further hacking attempts.…
-
Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug
January 25, 2024 at 11:48AM Over 5,000 unpatched GitLab servers are vulnerable to account takeover due to CVE-2023-7028. The flaw, affecting versions 16.1.0 and onwards, allows send password reset emails to unverified addresses, disclosed by a non-profit group. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2, with hundreds of vulnerable servers globally. GitLab…
-
SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks
January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in…