Recent Security News
-
Recent TeamCity Vulnerability Exploited in Ransomware Attacks
March 11, 2024 at 11:45AM Recent disclosure of a critical TeamCity vulnerability, CVE-2024-27198, led to ransomware attacks after Rapid7 and JetBrains controversy. Rapid7 publicly detailed the vulnerabilities to ensure transparency, after JetBrains fixed them without informing Rapid7. Threat actors launched attacks soon after disclosure, with some servers compromised and files encrypted. JetBrains blamed Rapid7 for…
-
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
March 11, 2024 at 11:15AM High-severity vulnerability in Ultimate Member plugin (CVE-2024-2123) enables injection of malicious scripts into WordPress sites. Insufficient input sanitization and output escaping in the plugin’s members directory list functionality allow unauthenticated attackers to inject web scripts and potentially gain administrative user access. Patch released on March 6, impacting versions 2.8.3 and…
-
Fake Leather wallet app on Apple App Store is a crypto drainer
March 11, 2024 at 10:58AM The Leather cryptocurrency wallet developers warned of a fake app on the Apple App Store, labeled as a wallet drainer, targeting users to steal their digital assets. The app impersonates the genuine product, prompting users to enter their secret passphrases and subsequently draining their wallets. Despite reports, the app remains…
-
Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials
March 11, 2024 at 10:51AM The significance of robust Privileged Access Management (PAM) in the face of cyber threats is emphasized. One Identity PAM Essentials, a SaaS-based solution, prioritizes security, manageability, and compliance. It offers a user-centric design, simplified approach, cost-effectiveness, cloud-native architecture, and seamless integration with OneLogin. This represents a shift in PAM tools,…