SolarWinds Patches Critical Vulnerability in Access Rights Manager

September 16, 2024 at 05:27AM SolarWinds has released patches for two vulnerabilities in its Access Rights Manager, including a critical-severity bug (CVE-2024-28991) enabling remote code execution. A second issue (CVE-2024-28990) allows an attacker to access RabbitMQ management console. Both were resolved in version 2024.3.1 and users are advised to update installations promptly. No exploitation in … Read more

Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure

September 16, 2024 at 05:27AM Exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability CVE-2024-8190 began shortly after the vendor released patches. The high-severity flaw enables unauthorized access and remote code execution, affecting certain versions of the CSA. Ivanti has addressed the issue in Patch 519 and CSA 5.0, but noted limited customer exploitation. CISA … Read more

China’s quantum* crypto tech may be unhackable, but it’s hardly a secret

September 16, 2024 at 04:33AM China is making significant strides in quantum networking leadership and infrastructure using quantum key distribution (QKD). While this seems secure, it doubles bandwidth and has minimal practical applications due to its inefficiency and reliance on short distances. In contrast, public key cryptography is faster, more practical, and immune to quantum … Read more

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

September 16, 2024 at 04:09AM Apple has filed a motion to dismiss its lawsuit against NSO Group, citing a shifting risk landscape that could expose critical “threat intelligence” information. The lawsuit, originally filed in 2021, aimed to hold NSO Group accountable for illegally targeting users with its Pegasus surveillance tool. Apple now seeks voluntary dismissal … Read more

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

September 16, 2024 at 01:21AM Cybersecurity researchers have identified ongoing phishing campaigns using HTTP header refresh entries to deliver fake email login pages, targeting large corporations in South Korea, U.S. government agencies, and schools. These attacks encompass various sectors and are part of a growing trend of sophisticated tactics to trick recipients and steal sensitive … Read more

23andMe settles class-action breach lawsuit for $30 million

September 15, 2024 at 10:34PM Genetic testing company 23andMe has settled a class action suit related to a 2023 data breach for $30 million. The settlement covers 6.4 million US citizens affected and includes privacy and monitoring provisions. In other news, Apple dropped its lawsuit against NSO Group, and two individuals were arrested for running … Read more

Windows vulnerability abused braille “spaces” in zero-day attacks

September 15, 2024 at 02:18PM The “Windows MSHTML spoofing vulnerability” (CVE-2024-43461) was exploited by the Void Banshee APT hacking group, leading to it being reclassified as previously exploited. Based on the meeting notes, it appears that the “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 was recently fixed but has now been marked as previously exploited … Read more

FBI tells public to ignore false claims of hacked voter data

September 15, 2024 at 02:18PM The FBI and CISA warn of false claims about U.S. voter registration data being compromised by cyberattacks. They highlight that this disinformation aims to manipulate public opinion and undermine confidence in democratic institutions. No evidence of a cyberattack impacting the election process or compromising the integrity of the results has … Read more

Malware locks browser in kiosk mode to steal Google credentials

September 15, 2024 at 02:18PM A new malware campaign locks users in their browser’s kiosk mode to prompt them for Google credentials, which are then stolen by information-stealing malware. This uncommon method serves to frustrate and deceive users into entering sensitive information. Based on the meeting notes, it appears that a malware campaign has been … Read more

South Korea Digital Forensics Market to Hit US $3.52B by 2031

September 14, 2024 at 09:06AM CoherentMI’s report on the South Korea Digital Forensics Market reveals that it is estimated to reach US$3.52 billion by 2031, with a CAGR of 11.5%. The rising digitalization in various sectors has led to an increase in cybercrimes, driving demand for digital forensics services. Major trends include mobile device and … Read more