Recent Security News
-
VMware vCenter Server Vulnerability Exploited in Wild
January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed…
-
Nigerian Businesses Face Growing Ransomware-as-a-Service Trade
January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated…
-
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
January 19, 2024 at 03:33AM A recently discovered malicious npm package “oscompatible” was found to deploy a sophisticated remote access trojan on compromised Windows machines. This attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are…
-
IT consultant fined for daring to expose shoddy security
January 19, 2024 at 01:52AM A German security researcher was fined €3,000 for uncovering an e-commerce database vulnerability affecting almost 700,000 customer records. The contractor, Hendrik H., discovered a plain-text password stored in a program file, providing potential access to customer data. Despite initial court support, the Jülich District Court later fined him under Germany’s…
-
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
January 19, 2024 at 12:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised…