DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

September 5, 2024 at 07:12AM Multiple threat groups have exploited two old vulnerabilities in DrayTek VigorConnect management software to target organizations worldwide. The flaws allow attackers to download arbitrary files with root privileges. Exploitation attempts spiked in August, prompting CISA to add the vulnerabilities to its KEV catalog. The attacks seem broad and not targeting …

Chrome 128 Updates Patch High-Severity Vulnerabilities

September 3, 2024 at 04:51AM Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has …

BlackByte Ransomware Gang Believed to Be More Active Than Leak Site Suggests

August 30, 2024 at 09:00AM

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

August 30, 2024 at 05:42AM The article discusses the overlooked threat of Active Directory Certificate Services (AD CS) vulnerabilities. It highlights the potential dangers and implications of these vulnerabilities, emphasizing the responsibility to address and mitigate them. It also introduces tools such as vPenTest by Vonahi Security and PSPKIAudit to assist in identifying and addressing …

Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks

August 29, 2024 at 08:06AM Nozomi Networks discovered vulnerabilities in Beckhoff Automation’s TwinCAT/BSD operating system. The Device Manager component has four vulnerabilities, including ‘high severity’ flaws that can be exploited for authentication bypass and cross-site scripting attacks, potentially compromising the PLC administrator’s password. There are also ‘medium severity’ vulnerabilities allowing for PLC denial of service …

WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies

August 28, 2024 at 11:00AM

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

August 26, 2024 at 07:30AM Cybersecurity researchers have identified over 20 vulnerabilities in the machine learning (ML) software supply chain, posing severe risks like arbitrary code execution and dataset loading. These affect MLOps platforms and ML libraries, like MLFlow and Seldon Core, enabling attackers to execute code and move laterally. The disclosure emphasizes the need for …

Alleged Karakurt ransomware scumbag charged in US

August 25, 2024 at 10:03PM Deniss Zolotarjovs, a suspected member of the Russian Karakurt ransomware gang, has been charged in a US court with money laundering and extortion. A Chrome vulnerability (CVE-2024-7971) was exploited before being fixed. Additionally, Microsoft issued a workaround for dual-boot PCs facing issues with Linux after installing a Windows security update. …

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

August 22, 2024 at 11:51AM Log4j zero-day exploits continue to be a threat despite being discovered two years ago. Cybercriminals are still targeting unpatched corporate systems, deploying malware scripts and crypto-currency miners. Nation-state actors have incorporated Log4j exploits into their toolkits, and eradicating the issue is challenging due to software dependencies. Datadog Security Labs recently …

CISA Warns of Exploited Vulnerabilities Impacting Dahua Products

August 22, 2024 at 08:45AM CISA warned about 2 critical authentication bypass vulnerabilities in Dahua products, affecting IP cameras, monitors, intercoms, and DVRs. Tracked as CVE-2021-33044 and CVE-2021-33045, they have a CVSS score of 9.8. Exploiting these could allow unauthorized access. CISA urges entities to address these concerns promptly following BOD 22-01 guidelines. From the …