Recent Security News
-
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
March 11, 2024 at 02:45AM A critical security flaw (CVE-2024-1403) in Progress Software OpenEdge Authentication Gateway and AdminServer allows unauthorized access via bypassing authentication protections. Exploit specifics and technical details disclosed, with severity rating of 10.0. Addressed in versions OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1. Horizon3.ai released a proof-of-concept, identifying potential remote code execution…
-
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
March 11, 2024 at 02:45AM Magnet Goblin, a financially motivated threat actor, rapidly exploits newly disclosed vulnerabilities to breach public-facing servers and edge devices. The group deploys malware, including a remote access trojan (RAT) called Nerbian and MiniNerbian, to execute arbitrary commands and steal credentials. Their campaigns are financially motivated and target areas previously left…
-
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
March 11, 2024 at 12:30AM Microsoft took six months to patch a rootkit vulnerability in Windows discovered by North Korean hackers Lazarus Group. Avast researchers notified Microsoft of an admin-to-kernel exploit, but Microsoft did not prioritize the matter, waiting until February’s patch Tuesday to fix the issue. Critical vulnerabilities were also found in recent Apple…
-
Japan Blames North Korea for PyPI Supply Chain Cyberattack
March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in…
-
YouTube stops recommending videos when signed out of Google
March 10, 2024 at 06:19PM YouTube has stopped showing recommended videos for users not logged into a Google account or in Incognito mode. This change has sparked concerns about users feeling pressured to always be signed in. The simple YouTube homepage now lacks video suggestions or tips on what to watch, prompting speculations that this…