Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. […]
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. […]
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.
The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog Security Labs, that
The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog Security Labs, that
FTC warns of online task job scams hooking victims like gambling
The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. […]
CISA warns water facilities to secure HMI systems exposed online
CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. […]
Russia blocks Viber in latest attempt to censor communications
Russian telecommunications watchdog Roskomnadzor has blocked the Viber encrypted messaging app, used by hundreds of millions worldwide, for violating the country’s legislation. […]
Russian cyberspies target Android users with new spyware
Russian cyberspies Gamaredon has been discovered using two Android spyware families named ‘BoneSpy’ and ‘PlainGnome’ to spy on and steal data from mobile devices. […]
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations.
“The conspirators, who worked for
“The conspirators, who worked for
Critical Vulnerabilities Found in Ruijie Reyee Cloud Management Platform
Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.
The post Critical Vulnerabilities Found in Ruijie Reyee Cloud Management Platform appeared first on SecurityWeek.