Security News > 2024

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

2024-01-11 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...

#apache #ERP #exploit #POC #vulnerability #CVE-2023-51467

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

2024-01-11 14:00

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS),...

#cloud #hacking #python #saas

Pharmacies Giving Patient Records to Police without Warrants

2024-01-11 12:09

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

#police

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

2024-01-11 11:56

Cisco has fixed a critical vulnerability in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system.Cisco Unity Connection is a unified messaging and voicemail solution for email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, and tablet.

#critical #cisco #root #patch #CVE-2024-20272

There is a Ransomware Armageddon Coming for Us All

2024-01-11 11:43

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new...

#ransomware #US

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

2024-01-11 11:40

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its...

#atomic #encrypted #MAC #upgrade

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

2024-01-11 11:35

Two zero-day vulnerabilities in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. The two security flaws affect all supported versions of Ivanti Connect Secure - formerly known as Pulse Connect Secure - and Ivanti Policy Secure.

#ivanti #zeroday #CVE-2023-46805 #CVE-2024-21887

Mandiant's X Account Was Hacked Using Brute-Force Attack

2024-01-11 06:10

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group....

#attack #hacked

Purple teaming and the role of threat categorization

2024-01-11 05:30

These assessment services typically test defenses against ten to twenty attack techniques, and only use one variations of each technique. How can teams defend against the huge cloud of possible variations of each attack technique when they don't account for all those variations? This is why I believe purple team assessments must evolve.

#threat

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

2024-01-11 05:29

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity...

#chinese #exploit #hacker #ivanti #policy #zeroday

Security News > 2024 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News","item":"https://cyber.vumetric.com/security-news/"},{"@type":"ListItem","position":2,"name":"2024"}]}

Security News > 2024