January 16, 2024 at 01:10PM A critical unauthenticated remote code execution (RCE) vulnerability affects Atlassian Confluence Data Center and Confluence Server versions released before Dec. 5 (CVE-2023-22527). The bug carries a 10/10 severity rating and affects versions 8.0.x to 8.5.3. Organizations should update to the latest versions to defend against potential cyber-attacks, as no mitigations … Read more
January 16, 2024 at 01:10PM Africa and the Middle East stand out in cybersecurity compared to their economic peers, but fall short in overall cyber resilience. Despite this, efforts to improve cybersecurity in the regions are underway, including investing in replacing outdated technology and creating stronger workflows for identifying threats. Sustaining these efforts will require … Read more
January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact … Read more
January 16, 2024 at 12:19PM A set of nine vulnerabilities, named ‘PixieFail,’ impact Tianocore’s EDK II, an open-source implementation of the UEFI spec widely used in enterprise computers. The flaws, discovered by Quarkslab, affect the PXE boot process and expose systems to DoS, RCE, network session hijacking, and other attacks. Multiple vendors, including major tech … Read more
January 16, 2024 at 11:51AM Two unauthenticated denial-of-service (DoS) vulnerabilities, CVE-2022-22274 and CVE-2023-0656, threaten the security of SonicWall next-generation firewall devices. Attackers can exploit these flaws to crash devices or execute remote code. Vulnerable SonicWall series 6 and 7 firewalls are at risk. Administrators are urged to update to the latest firmware to mitigate potential … Read more
January 16, 2024 at 11:51AM The United Arab Emirates Cyber Security Council and Khalifa University have launched the Cybersecurity Academy in Abu Dhabi. The academy will provide training initiatives meeting the needs of UAE organizations, offering certification and training programs in technological, regulatory, and methodological processes in English and Arabic. Khalifa University has also partnered … Read more
January 16, 2024 at 11:12AM The Internet of Things (IoT) devices offer great power and convenience, but also pose security and privacy risks. When purchasing IoT devices, it’s important to consider the company’s reputation, country of origin, security measures, and data privacy policies. Additionally, for healthcare-related IoT devices, it’s crucial to scrutinize data handling and … Read more
January 16, 2024 at 11:12AM PAX Technology’s Android-based PoS terminals are vulnerable to multiple exploits allowing attackers to execute arbitrary code or commands, according to a report by STM Cyber. The vulnerabilities, affecting various PAX devices, include the ability to manipulate payment data, inject shell commands, and execute arbitrary code with root privileges. Patches have … Read more
January 16, 2024 at 10:23AM The FBI and CISA have issued a joint Cybersecurity Advisory (CSA) outlining indicators of compromise (IOCs) and tactics related to Androxgh0st malware. The advisory includes specific recommendations for mitigating cybersecurity incidents caused by Androxgh0st infections. The malware targets websites using Laravel and Apache HTTP Server, and allows threat actors to … Read more
January 16, 2024 at 10:23AM Atlassian Confluence Data Center and Server had a critical remote code execution vulnerability (CVE-2023-22527) impacting versions released before December 5, 2023. The flaw allowed unauthenticated attackers to perform remote code execution. Atlassian fixed the vulnerability in later versions and advises users to install the latest version to protect against potential … Read more