Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. […]
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. […]
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information.
Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.
“An authenticated attacker can bypass Server-Side Request
Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.
“An authenticated attacker can bypass Server-Side Request
Critical Authentication Flaw Haunts GitHub Enterprise Server
GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek.
Phrack hacker zine publishes new edition after three years
Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine’s history. […]
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development
New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials
New phishing attacks target iOS and Android users with Progressive Web Applications and WebAPKs to steal banking information.
The post New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials appeared first on SecurityWeek.
GitHub Enterprise Server vulnerable to critical auth bypass flaw
A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. […]
Arden Claims Service Reports Data Breach, 139,000 Affected
Personal information for about 39,000 individuals was stolen in October 2023 from class action settlement administrator Arden Claims Service.
The post Arden Claims Service Reports Data Breach, 139,000 Affected appeared first on SecurityWeek.
Why LinkedIn Developed Its Own AI-Powered Security Platform
An inside look at how LinkedIn developed an internal AI-assisted vulnerability management system to protect its massive infrastructure and user base.
The post Why LinkedIn Developed Its Own AI-Powered Security Platform appeared first on SecurityWeek.