F5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus.
The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek.
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations.
Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.
“Blind Eagle has demonstrated adaptability in
Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.
“Blind Eagle has demonstrated adaptability in
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information.
“A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs),” AppOmni’s Aaron Costello
“A potential issue in NetSuite’s SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs),” AppOmni’s Aaron Costello
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
“Jenkins Command Line Interface (CLI) contains a
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
“Jenkins Command Line Interface (CLI) contains a
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. […]
US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns
The assessment from agencies was the first time the U.S. government assigned blame for hacks that have raised anew the threat of foreign election interference.
The post US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns appeared first on SecurityWeek.
Toyota confirms breach after stolen data leaks on hacking forum
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company’s systems on a hacking forum. […]
Ransomware rakes in record-breaking $450 million in first half of 2024
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. […]
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it’s actively exploited in attacks. […]
Hackers linked to $14M Holograph crypto heist arrested in Italy
Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph was arrested in Italy after living a lavish lifestyle for weeks in the country. […]