Vulnerabilities
-
Cisco IOS XE Flaw Exposes Devices to Security Risks
A recently disclosed vulnerability in Cisco IOS XE software allows unauthorized remote access, potentially exposing devices to significant security risks. Cisco and independent researchers urge immediate actions for mitigation.
-
New Vulnerabilities Discovered in Linux Core Dump Handlers Pose Security Risks
Two vulnerabilities in Linux core dump handlers could allow local attackers to access sensitive information, prompting security warnings from Qualys and other vendors. Mitigation measures are being recommended to protect user data.
-
International Law Enforcement Operation Disrupts Major Cybercrime Tool AVCheck
Authorities have dismantled AVCheck, a cybercriminal service that tested malware against antivirus software. This effort represents a significant step in combating organized cybercrime, as law enforcement agencies worldwide collaborate to disrupt criminal operations.
-
China-Linked Hackers Target South Asian Organizations Through Critical SAP Vulnerability
A China-linked hacker group known as Earth Lamia has successfully exploited a critical SAP vulnerability, targeting numerous organizations in South Asia and expanding their tactics beyond financial sectors to include IT and governmental entities.
-
ConnectWise Reports Cyber Attack Linked to Nation-State Actors
ConnectWise has disclosed a cyber attack likely orchestrated by a nation-state actor, affecting some ScreenConnect customers. The firm is investigating the breach with the help of Google Mandiant while assuring customers of enhanced security measures.
-
Cybercriminals Exploit Popular AI Tools to Distribute Ransomware and Malware
Cybercriminals are exploiting popular AI tools to distribute ransomware and malware, including CyberLock and Lucky_Gh0$t. A report by Cisco Talos highlights the tactics used to lure victims through fake installations of AI solutions, increasing the urgency for enhanced cybersecurity measures.
-
LexisNexis Reports Data Breach Impacting Over 364,000 Individuals
LexisNexis Risk Solutions has disclosed a data breach impacting over 364,000 individuals, revealing that personal information such as names and Social Security numbers was stolen from a GitHub account. The company emphasized that no financial information was compromised and is offering two years of free identity protection to those affected.
-
Security Flaw in OneDrive File Picker Exposes Users to Risks
A recently discovered vulnerability in Microsoft’s OneDrive File Picker may allow third-party apps to access users’ entire OneDrive storage without their clear consent, posing significant risks of data exposure and compliance violations.
-
Critical WordPress Plugin Vulnerability Exposes Over 100,000 Sites to Attack
A critical vulnerability in the TI WooCommerce Wishlist plugin for WordPress exposes over 100,000 websites to potential file upload attacks, prompting security experts to recommend immediate action.
-
Security Flaw Leaves Thousands of Asus Routers Vulnerable to Backdoor Attacks
Thousands of Asus routers are vulnerable to backdoor attacks due to exploited security flaws, as revealed by cybersecurity experts. Users are urged to check their settings and apply necessary updates.
