Recent Security News
-
CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog
January 12, 2024 at 05:43PM The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as…
-
GitLab Releases Updates to Address Critical Vulnerabilities
January 12, 2024 at 05:43PM GitLab releases versions 16.7.2, 16.6.3, and 16.5.6 to address critical vulnerabilities. These include an authentication issue allowing unverified email password resets and a vulnerability enabling slash command abuse in Slack/Mattermost. Other vulnerabilities affect code approval, workspace creation, and signed commit metadata. GitLab urges upgrading and enabling two-factor authentication. Based on…
-
The Week in Ransomware – January 12th 2024 – Targeting homeowners’ data
January 12, 2024 at 05:13PM Ransomware gangs are targeting mortgage lenders, with recent attacks on loanDepot, Mr. Cooper, and title insurance companies. The Toronto Zoo and Tigo Business were also hit. In a positive turn, a Dutch police operation led to the arrest of a ransomware operator. The week also saw the discovery of new…
-
Hyundai MEA X Account Hacked, Followed by Crypto Promotion
January 12, 2024 at 04:05PM Hyundai MEA’s social media account was briefly taken over to distribute cryptocurrency promotions, with the account impersonating a role-playing game backed by Binance’s venture capital arm. The takeover resulted in changed text and images, promoting registration for cryptocurrency offers. Hyundai MEA regained control and removed the offending posts. Netgear and…
-
Cybersecurity Incidents Consistently Increase in UAE
January 12, 2024 at 03:31PM A recent study by Kaspersky reveals that 87% of UAE-based businesses have encountered cybersecurity incidents over the past two years, with 25% attributed to staff malice. Malicious insider threats are deemed particularly dangerous by experts, presenting a growing concern for businesses. Furthermore, many companies in the region lack adequate defense…