The maintainers of Jenkins, an open-source automation server widely used for continuous integration and delivery, have patched nine security vulnerabilities, including one critical issue that poses a serious risk of remote code execution (RCE). This vulnerability, identified as CVE-2024-23897, allows unauthorized users to read arbitrary files from the Jenkins controller’s…
Recent cybersecurity investigations have unveiled significant insights into the functioning of a notorious malware family known as SystemBC. This malware operates through a command-and-control (C2) server setup that has been analyzed by researchers at Kroll, revealing its availability for purchase on various underground marketplaces. Kroll’s analysis indicates that purchasers receive…
Cisco Addresses Critical Security Vulnerability in Unified Communications Products Cisco has recently issued important patches to mitigate a serious security vulnerability affecting multiple products within its Unified Communications and Contact Center Solutions range. This flaw, identified as CVE-2024-20253, is rated critically high with a CVSS score of 9.9. It poses…
Mexican financial institutions are currently being targeted by a sophisticated spear-phishing campaign that deploys a modified variant of the open-source remote access trojan known as AllaKore RAT. This attack has been attributed to an unidentified financially motivated actor based in Latin America, with the campaign having been operational since at…
Cybersecurity researchers have discovered a new variant of the Phobos ransomware family named Faust. This iteration was documented by Fortinet FortiGuard Labs, which detailed its dissemination method involving a Microsoft Excel document (.XLAM) that contains a VBA script capable of executing malicious actions. The attack initiates when the victim opens…
A recently addressed security vulnerability in Microsoft Outlook exposes users to potential exploitation by malicious actors aiming to access NT LAN Manager (NTLM) v2 hashed passwords through specially crafted files. The flaw, identified as CVE-2023-35636, has been rated with a CVSS score of 6.5 and was patched during Microsoft’s December…
Juniper Networks Addresses High-Security Vulnerabilities Juniper Networks has announced critical out-of-band updates to its SRX Series and EX Series products to counter high-severity vulnerabilities that could potentially allow adversaries to take control of affected systems. This announcement underscores the growing risks in cybersecurity, particularly for organizations relying on Juniper’s networking…
GitLab has once again addressed a significant security vulnerability in both its Community Edition (CE) and Enterprise Edition (EE). This flaw, designated as CVE-2024-0402, poses a serious risk, allowing authenticated users to write files to arbitrary locations on the server while creating a workspace. The vulnerability, which received a critical…
A critical vulnerability affecting the widely used GNU C Library (glibc) has come to light, enabling local malicious actors to gain full root access on Linux systems. This flaw is tracked as CVE-2023-6246, with a CVSS rating of 7.8, indicating a high level of severity. The vulnerability is located in…
