A cyberattack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies.
The website for SAWS has been down since Sunday evening, according to a statement posted to social media. SAWS has had to use Facebook, X and other sites to share daily information on thunderstorms, wildfires and other weather events.
After identifying a significant overlap between IPs exploiting CVE-2024-40891 and those classified as Mirai, the team investigated a recent variant of Mirai and confirmed that the ability to exploit CVE-2024-40891 has been incorporated into some Mirai strains.
GreyNoise is observing active exploitation attempts targeting a zero-day critical command injection vulnerability in Zyxel CPE Series devices tracked as CVE-2024-40891. At this time, the vulnerability is not patched, nor has it been publicly disclosed. Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration. At publication, Censys is reporting over 1,500 vulnerable devices online.
The Silver Dania is the third ship detained in recent weeks over concerns of intentional damage to subsea infrastructure in the Baltic Sea.
Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.
Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io on Wednesday are seized by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’
A large ‘‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability.
When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.
The Council imposed restrictive measures on three individuals involved in cyber-attacks against Estonia.
The Chaos Computer Club demands that the trust service provider D-Trust take responsibility and abolish the hacker paragraph.
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
Frederick Health Hospital's emergency department was not accepting new patients on Monday morning, according to a state emergency medical services website.
We dive into FleshStealer, a new strain of information-stealing malware—explaining what it is and its potential impact on organizations.
OpenAI on Tuesday announced the launch of ChatGPT for government agencies in the U.S. ...It allows government agencies, as customers, to feed “non-public, sensitive information” into OpenAI’s models while operating within their own secure hosting environments, OpenAI CPO Kevin Weil told reporters during a briefing Monday.
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…
The 2024 ransomware attack on Change Healthcare exposed the data of about 190 million people, according to an update from parent company UnitedHealth Group.
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.
The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating.
Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.
Another undersea data cable, this time connecting Sweden and Latvia, has been severed in the Baltic Sea, officials from both countries said Sunday. The incident prompted Sweden to launch a criminal probe into the matter and seize a "suspect vessel" vessel headed for Russia.
