Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. […]
USDoD hacker behind National Public Data breach arrested in Brazil
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil’s Polícia Federal in “Operation Data Breach”. […]
Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework
Artificial intelligence tech giant Nvidia issues a warning for code execution and data tampering security problems in the NeMo platform.
The post Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework appeared first on SecurityWeek.
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its ‘Known Exploited Vulnerabilities’ (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. […]
US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers
The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year. […]
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager.
The post VMware Patches High-Severity SQL Injection Flaw in HCX Platform appeared first on SecurityWeek.
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. […]
Android 15 Rolling Out With New Theft, Application Protection Features
Google has released Android 15 with new security features to keep devices and sensitive applications better protected.
The post Android 15 Rolling Out With New Theft, Application Protection Features appeared first on SecurityWeek.
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity.
Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.”
EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.”
EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
Understand these seven password attacks and how to stop them
Hackers are always looking for new ways to crack passwords and gain access to your organization’s data and systems. In this post, Specops Software discusses the seven most common password attacks and provide tips on how to defend against them. […]