Recent Security News
-
October 10, 2023 at 03:06AM – libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
October 10, 2023 at 03:06AM A security flaw in the libcue library affects GNOME Linux systems, allowing remote code execution (RCE) when a user downloads a malicious .cue file. The vulnerability (CVE-2023-43641) is caused by memory corruption in libcue versions 2.2.1 and earlier. Detailed technical information has been withheld to give users time to update.…
-
October 10, 2023 at 02:18AM – Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
October 10, 2023 at 02:18AM Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600…
-
October 9, 2023 at 10:38PM – Exercise Cyber Star tests Singapore response
October 9, 2023 at 10:38PM The Exercise Cyber Star program, organized by the Cyber Security Agency of Singapore (CSA) and the SANS Institute, aims to improve Singapore’s ability to respond to cyber attacks. The fifth edition brought together participants from various sectors for workshops on threats like ransomware and insider threats. It also featured a…
-
October 9, 2023 at 10:26PM – Electric Power System Cybersecurity Vulnerabilities
October 9, 2023 at 10:26PM The electric power industry is facing increasing cyber threats due to digitalization and the interconnectedness of IT and OT systems. A webinar by Trend Micro discussed these challenges and provided solutions, including improving employee security awareness, job rotation between IT and OT departments, and automation of incident response. The webinar…
-
October 9, 2023 at 05:56PM – D-Link WiFi range extender vulnerable to command injection attacks
October 9, 2023 at 05:56PM The D-Link DAP-X1860 WiFi 6 range extender has a vulnerability that allows for denial of service attacks and remote command injection. Despite being notified multiple times, D-Link has not released any fixes. Attackers can exploit the flaw by creating an SSID with a tick symbol and executing commands. Owners are…