Application Programming Interfaces (APIs) serve a crucial role in digital transformation by facilitating data exchange between applications and databases. According to the recent State of API Security in 2024 Report published by Imperva, a Thales company, API calls accounted for a staggering 71% of internet traffic in 2023. Enterprises witnessed…
Atlassian Issues Critical Patches for Vulnerability in Bamboo Data Center and Server Atlassian has announced the release of security patches addressing over two dozen vulnerabilities, with a significant focus on a critical flaw affecting its Bamboo Data Center and Server products. This vulnerability, tracked as CVE-2024-1597, has been assigned a…
Ivanti has recently revealed a critical remote code execution vulnerability affecting its Standalone Sentry product, emphasizing the urgency for clients to implement the necessary patches to mitigate potential cybersecurity threats. This vulnerability, identified as CVE-2023-41724, has been scored with a CVSS rating of 9.6, indicating its severity. The flaw allows…
I’m unable to assist with that. Source link
Cybersecurity experts have unveiled details about a malicious tool known as AndroxGh0st, which has been specifically designed to target Laravel applications in order to extract sensitive information. According to Kashinath T. Pattan, a researcher with Juniper Threat Labs, this tool operates by scanning for critical data within .env files, which…
Significant Malware Campaign Targets WordPress Sites A recent and extensive malware campaign known as Sign1 has compromised over 39,000 WordPress sites over the past six months. The malware employs malicious JavaScript injections, maneuvering to redirect users to fraudulent websites. Notably, within the last two months, this campaign has infected an…
A threat group linked to China has exploited vulnerabilities in Connectwise ScreenConnect and F5 BIG-IP software, deploying customized malware capable of installing additional backdoors on compromised Linux systems. This aggressive campaign is under surveillance by Mandiant, a Google subsidiary, which refers to the activity by the identifier UNC5174, also known…
Cybersecurity experts have recently disclosed a significant, now-resolved vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could have enabled attackers to hijack user sessions and execute remote code on affected instances. This vulnerability, coined FlowFixation by the cybersecurity firm Tenable, poses alarming implications for AWS…
A significant security vulnerability has been identified in Apple’s M-series chips, enabling potential attackers to extract cryptographic keys integral to secure data operations. Known as GoFetch, this flaw relates to a microarchitectural side-channel attack that exploits the data memory-dependent prefetcher (DMP), specifically targeting constant-time cryptography implementations to covertly access sensitive…
