brangberg – Page 1077

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Details have emerged about a now-patched security flaw in Styra’s Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes.
“The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server’s local user account to a remote server, potentially allowing the attacker to relay the authentication or

VMware fixes bad patch for critical vCenter Server RCE flaw

VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. […]

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.
“In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical

Stream.Security Secures $30 Million Series B

Stream.Security (formerly Lightlytics) has raised a total of $55 million since launching in 2020 with a cloud data security product.

The post Stream.Security Secures $30 Million Series B appeared first on SecurityWeek.

SecurityWeek’s 2024 ICS Cybersecurity Conference Kicks Off in Atlanta

Premier Industrial Cybersecurity Conference offers 80+ sessions and hands-on training to tackle critical infrastructure cyber threats.

The post SecurityWeek’s 2024 ICS Cybersecurity Conference Kicks Off in Atlanta appeared first on SecurityWeek.

Google Warns of Samsung Zero-Day Exploited in the Wild

A zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution.

The post Google Warns of Samsung Zero-Day Exploited in the Wild appeared first on SecurityWeek.

CISA and USPIS Release Two Election Mail Security Resources

Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks

Critical and high-severity vulnerabilities that can lead to full device compromise have been found in mbNET.mini and Helmholz industrial routers.

The post Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks appeared first on SecurityWeek.

BlackCat Ransomware Successor Cicada3301 Emerges

The Cicada3301 ransomware shows multiple similarities with BlackCat and is believed to mark the reemergence of the threat.

The post BlackCat Ransomware Successor Cicada3301 Emerges appeared first on SecurityWeek.

A Comprehensive Guide to Finding Service Accounts in Active Directory

Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secure these accounts within Active Directory (AD), and explore how Silverfort’s solutions can help enhance your

Author: brangberg