December 14, 2023 at 07:18AM Several serious vulnerabilities have been found in Dell’s PowerProtect products, impacting various appliances and potentially allowing attackers to execute malicious code, steal information, and gain control of systems. Dell is urging customers to review and implement security measures outlined in the DSA-2023-412 advisory and emphasizes the importance of product security … Read more
December 13, 2023 at 02:01PM Threat actors are exploiting weak authentication to abuse OAuth applications for cryptomining, phishing, and password spraying attacks, compromising user accounts for Microsoft services and exploiting OAuth applications with high privilege permissions. Mitigation includes implementing multifactor authentication and auditing apps and consented permissions. OAuth presents various risks and security researchers have … Read more
December 12, 2023 at 09:57AM Around 1,450 pfSense instances online are vulnerable to command injection and cross-site scripting flaws, potentially allowing remote code execution. SonarCloud’s researchers discovered these flaws in mid-November, affecting older versions of pfSense. Netgate released security updates in November, but as of now, the majority of instances remain vulnerable, posing a significant … Read more
December 11, 2023 at 09:34AM Spanish police have arrested a leader of the ‘Kelvin Security’ hacking group responsible for 300 cyberattacks in 90 countries since 2020. The group targeted government institutions and critical infrastructure, with notable breaches including Vodafone Italia and U.S. firm Frost & Sullivan. The arrest aims to uncover co-conspirators and data buyers. … Read more
November 28, 2023 at 03:53AM Researchers have discovered multiple critical vulnerabilities in the infrastructure used by AI models, exposing companies to risk as they adopt AI technology. The affected platforms include Ray, MLflow, ModelDB, and H20 version 3. The vulnerabilities could allow attackers unauthorized access to AI models and the network. Companies must prioritize security … Read more
November 27, 2023 at 02:50PM Healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, following a breach in October. The company has restored its U.S. e-commerce platform and expects the platforms in Canada and Europe to be back online soon. The BlackCat gang claims to have stolen 35 … Read more
November 24, 2023 at 10:40AM The owner of OpenCart, an e-commerce store management system, has responded hostilely to a security researcher who disclosed a vulnerability in the product. The researcher, Mattia Brollo, tried to contact OpenCart for nearly a month through various channels before receiving dismissive and offensive responses from the owner, Daniel Kerr. OpenCart … Read more
November 22, 2023 at 05:39PM Researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system that allow hackers to bypass the security and login as someone else. The team found flaws in the communication between the software and hardware components of laptops using fingerprint sensors from Goodix, Synaptics, and ELAN. The vulnerabilities vary across different … Read more
November 22, 2023 at 09:06AM Security researchers successfully bypassed fingerprint authentication on three popular laptops equipped with Windows Hello. Blackwing Intelligence and Microsoft’s MORSE conducted the research, targeting a Dell Inspiron 15, a Lenovo ThinkPad T14s, and a Microsoft Surface Pro X. The attacks required physical access to the devices and involved spoofing legitimate user … Read more
November 20, 2023 at 07:45AM A USB worm called LitterDrifter, attributed to the Russia-linked Gamaredon group, has spread beyond Ukraine, its primary target, according to cybersecurity firm Check Point. The worm, also known as Armageddon and Aqua Blizzard, is designed to automatically spread to other USB drives and communicate with command-and-control servers. While Gamaredon primarily … Read more