Recent Security News
-
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
October 22, 2024 at 05:46AM Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments.…
-
Palo Alto Networks Adds New Capabilities to OT Security Solution
October 22, 2024 at 05:30AM Palo Alto Networks has enhanced its OT Security solution by incorporating new capabilities for remote access, virtual patching, and firewall functionality. **Meeting Takeaways:** 1. **New Capabilities Added**: Palo Alto Networks has enhanced its OT Security solution. 2. **Specific Enhancements**: – New remote access features – Virtual patching capabilities – Improved…
-
Pharma Giant Johnson & Johnson Discloses Data Breach
October 22, 2024 at 04:54AM Johnson & Johnson has reported a data breach that affects the personal information of thousands of individuals. This incident highlights ongoing concerns regarding data security in large corporations. The details of the breach have been shared by SecurityWeek. **Meeting Takeaways:** 1. **Incident**: Johnson & Johnson has disclosed a data breach.…
-
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
October 22, 2024 at 03:18AM VMware has released updates for a critical security flaw (CVE-2024-38812) in vCenter Server, related to heap overflow vulnerabilities, allowing potential remote code execution. The flaw was previously patched inadequately. Users are urged to update to the latest versions to mitigate risks, although there’s currently no evidence of exploitation. **Meeting Takeaways…
-
Pixel perfect Ghostpulse malware loader hides inside PNG image files
October 22, 2024 at 01:33AM Ghostpulse malware has updated its delivery method, now embedding payloads within the pixels of PNG files, enhancing evasion of detection tools. This sophisticated technique allows it to act as a loader for more dangerous malware like Lumma, compelling defenses to evolve accordingly. Attackers also use social engineering tricks for distribution.…