Recent Security News
-
Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases
January 19, 2024 at 06:12AM The US security agency CISA warns of increasing exploitation of two Ivanti Connect Secure VPN vulnerabilities by a Chinese cyberespionage group, compromising over 2,100 devices belonging to various organizations. Additionally, a separate Ivanti product flaw is being exploited. Patches have been released with mitigations, but widespread exploitation continues, including new…
-
VMware vCenter Server Vulnerability Exploited in Wild
January 19, 2024 at 06:12AM VMware warns of CVE-2023-34048, a critical vCenter Server vulnerability exploited in the wild. The issue, an out-of-bounds write problem related to DCERPC protocol implementation, allows remote code execution with network access. VMware released patches in October, even for end-of-life versions. The exploitation has been confirmed, with potentially hundreds of exposed…
-
Nigerian Businesses Face Growing Ransomware-as-a-Service Trade
January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated…
-
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
January 19, 2024 at 03:33AM A recently discovered malicious npm package “oscompatible” was found to deploy a sophisticated remote access trojan on compromised Windows machines. This attack highlights the increasing targeting of open-source software ecosystems and the risks associated with deprecated npm packages. The security firm Aqua revealed that 21.2% of top npm packages are…
-
IT consultant fined for daring to expose shoddy security
January 19, 2024 at 01:52AM A German security researcher was fined €3,000 for uncovering an e-commerce database vulnerability affecting almost 700,000 customer records. The contractor, Hendrik H., discovered a plain-text password stored in a program file, providing potential access to customer data. Despite initial court support, the Jülich District Court later fined him under Germany’s…