52% of Critical Vulnerabilities Identified are Linked to Windows 10
New Supply Chain Attack Method Poses Risks to Java and Android Applications
Recent discoveries have exposed vulnerabilities in several abandoned yet widely used libraries within Java and Android applications, particularly through a new supply chain attack method known as MavenGate. This technique allows attackers to exploit domain name purchases, potentially…
A significant security vulnerability has been identified in Fortra’s GoAnywhere Managed File Transfer (MFT) software, which could potentially be exploited to establish unauthorized administrator access. This flaw, designated as CVE-2024-0204, has been assigned a critical CVSS score of 9.8 out of 10, indicating its severity. According to an advisory released…
As organizations increasingly integrate open-source components into their application infrastructures, relying solely on traditional Software Composition Analysis (SCA) tools for security against open-source threats proves inadequate. Open-source libraries expedite development by reducing coding and debugging time; however, as these libraries accumulate in codebases, organizations must recognize the comprehensive attack surface…
The maintainers of Jenkins, an open-source automation server widely used for continuous integration and delivery, have patched nine security vulnerabilities, including one critical issue that poses a serious risk of remote code execution (RCE). This vulnerability, identified as CVE-2024-23897, allows unauthorized users to read arbitrary files from the Jenkins controller’s…
Recent cybersecurity investigations have unveiled significant insights into the functioning of a notorious malware family known as SystemBC. This malware operates through a command-and-control (C2) server setup that has been analyzed by researchers at Kroll, revealing its availability for purchase on various underground marketplaces. Kroll’s analysis indicates that purchasers receive…
Cisco Addresses Critical Security Vulnerability in Unified Communications Products
Cisco has recently issued important patches to mitigate a serious security vulnerability affecting multiple products within its Unified Communications and Contact Center Solutions range. This flaw, identified as CVE-2024-20253, is rated critical, with a CVSS score of 9.9. It poses…
Mexican financial institutions are currently being targeted by a sophisticated spear-phishing campaign that deploys a modified variant of the open-source remote access trojan known as AllaKore RAT. This attack has been attributed to an unidentified financially motivated actor based in Latin America, with the campaign having been operational since at…
Cybersecurity researchers have discovered a new variant of the Phobos ransomware family named Faust. This iteration was documented by Fortinet FortiGuard Labs, which detailed its dissemination method involving a Microsoft Excel document (.XLAM) that contains a VBA script capable of executing malicious actions. The attack initiates when the victim opens…