Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error

February 7, 2024 at 08:32AM: NVD published two advisories regarding critical command injection vulnerabilities in Fortinet’s FortiSIEM products. However, it was revealed that the CVEs were duplicates of a known vulnerability and had been issued in error. Fortinet has acknowledged this as a system-level error and is working on rectifying and withdrawing the erroneous entries. MITRE and other …

SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring

February 4, 2024 at 08:38PM: A SIM-swapping ring indictment may clear Sam Bankman-Fried of a $400 million crypto theft from FTX before its bankruptcy. The Powell gang stole from an unnamed firm, likely FTX, and were caught. Apple patched a pre-release security flaw in its Vision Pro headset. Numerous vulnerabilities in Docker, OCI, and various …

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

February 4, 2024 at 12:19PM: Cloudflare disclosed a likely nation-state cyber attack involving unauthorized access to its Atlassian server, leading to exposure of documentation and source code. The breach led to rotating production credentials, system triages, and termination of malicious connections. The attacker exploited stolen credentials from other hacks, prompting increased security measures and engaging …

AnyDesk says hackers breached its production servers, reset passwords

February 3, 2024 at 11:21AM: AnyDesk recently suffered a cyberattack, compromising production systems and stealing source code and code signing keys. Although the company assures customers that their service is now safe to use, it recommends changing passwords and updating to the latest software version. This incident is part of a series of recent high-profile …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM: Mandiant, owned by Google, reported identifying new malware used by espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells like BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security …

Tesla hacks make big bank at Pwn2Own’s first automotive-focused event

January 28, 2024 at 08:35PM: Trend Micro’s Zero Day Initiative held an automotive-focused Pwn2Own event in Tokyo, awarding over $1.3 million for 49 vehicle-related zero-day vulnerabilities. Synacktiv secured $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem. Additionally, critical vulnerabilities in various products were reported, urging prompt installation of …

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024 at 10:07AM: Security experts have rapidly published working exploits for a critical vulnerability in Fortra GoAnywhere MFT, exposing a serious authentication bypass issue initially disclosed by Fortra in December. Researchers from Horizon3 developed an exploit targeting a vulnerable endpoint, exposing the system to unauthorized admin user creation. Fortra advises upgrading to version …

Cracked macOS apps drain wallets using scripts fetched from DNS records

January 22, 2024 at 05:31PM: Hackers are utilizing a covert approach to disseminate information-stealing malware to macOS users via DNS records. The campaign targets users of macOS Ventura and later, leveraging cracked applications containing a trojan. Victims unknowingly execute the malware, granting it access to their system and potentially compromising sensitive data. Kaspersky’s findings underscore the …

Hacker Conversations: HD Moore and the Line Between Black and White

January 16, 2024 at 07:36AM: The definition of a hacker is explored in an interview with HD Moore, who highlights the distinctions between moral, amoral, and immoral hacking based on intent and actions. He recounts his upbringing, early experiences of exploring technology, and the ethical dilemmas faced. The interview delves into the legal implications and …

Thousands of Juniper Networks devices vulnerable to critical RCE bug

January 15, 2024 at 02:43PM: Over 11,500 Juniper Networks devices are vulnerable to a new remote code execution (RCE) flaw, prompting calls for urgent patching. Following earlier critical RCE bugs, the latest, CVE-2024-21591, impacts the J-Web interface, with confirmed exposures and geographic stats. With the software’s threat potential and HPE’s acquisition of Juniper, administrators are advised …