Russia-linked phishing campaigns are targeting civil society and NGOs operating in the region and abroad, according to a new investigation by Access Now and the Citizen Lab.
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.
Among the most critical are CVE-2024-39825 and CVE-2024-39818, both with a CVSS score of 8.5, indicating a high level of severity
CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.
Security researchers have detailed and published a PoC exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8)
The National Crime Agency leads the UK's fight to cut serious and organised crime.
Tenable finds privilege-escalation issues in Azure Health Bot via an SSRF, which allowed access to cross-tenant resources.
The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the
Today, the National Institute of Standards and Technology (NIST) announced the first standardization of three cryptography schemes that are immune against the threat of quantum computers, known as post-quantum cryptography (PQC) schemes. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning as soon as possible.
Researchers have "reverse-engineered" HID's iCLASS SE platform and will be "revealing some cryptographic keys to the kingdom."
The agency said at least 43 companies have been attacked by the group in the U.S., South America, India, Europe, the United Arab Emirates, and elsewhere.
CrowdStrike President Michael Sentonas appears at DEF CON's annual Pwnie Awards to accept the 'award' because 'we got this horribly wrong [and] it's super important to own it.'
Sous le domaine dleci.ch, une page de phishing a été mise en ligne, reproduisant à l'identique le contenu de dieci.ch.
In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers.
Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched.
Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers.
App & API Protector customers who are in automatic mode have existing and updated protections.
On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing Techniques, Tactics, and Procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
We have received a takedown notice from the company mSpy, alleging that the domain ddosecrets.com, specifically the section https://data.ddosecrets.com/MSpy/, is hosting stolen personal and corporate data belonging to them.
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
The vulnerabilities allowed one security researcher to peek inside the leak sites without having to log in.
