The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. […]
New MOVEit Transfer Vulnerability Under Active Exploitation – Patch ASAP!
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed.
The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions –
The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions –
From 2023.0.0 before 2023.0.11
From 2023.1.0 before 2023.1.6, and&
Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. […]
Windows 11 KB5039302 update released with 9 changes or fixes
The June 2024 optional update for Windows 11 is now available. The latest update, KB5039302, is for Windows 11 version 22H2 and newer and brings several new features and fixes. […]
Windows 10 KB5039299 update released with 10 changes or fixes
The June 2024 optional update for Windows 10 is now available. Today’s update brings KB5039299 for Windows 10 version 22H2 and older, with up to nine bug fixes or changes. […]
Snowblind malware abuses Android security feature to bypass security
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. […]
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.
While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For example, look no
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner.
Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.
“When your headphones are seeking a connection request to one of your previously
Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.
“When your headphones are seeking a connection request to one of your previously
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer.
A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.
According to Sucuri, the latest campaign entails making malicious modifications to the
A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.
According to Sucuri, the latest campaign entails making malicious modifications to the