Vulnerabilities
-
Amazon Patches Critical Vulnerability in EC2 SSM Agent
Amazon has addressed a critical vulnerability in its EC2 Simple Systems Manager (SSM) Agent that posed significant risks of privilege escalation and code execution, with the flaw traced back to improper validation of plugin IDs.
-
Cybersecurity Firm Reports on Exploitation of Serious CrushFTP Vulnerability
Huntress has detailed alarming activities following exploitation of the CrushFTP vulnerability, demonstrating ongoing risks to critical sectors like marketing and retail. CISA has added the flaw to its KEV catalog, prompting renewed urgency for organizations to secure their systems.
-
Cybersecurity Alert: Neptune RAT Targets Windows Users via Popular Platforms
Researchers at CYFIRMA announced the discovery of a new version of Neptune RAT, an advanced Remote Access Trojan targeting Windows systems. Found on platforms like GitHub and YouTube, its capabilities include credential theft, ransomware attacks, and more, raising serious cybersecurity concerns.
-
NIST Places Pre-2018 Vulnerabilities on Deferred Status Amid Resource Reallocation
NIST has announced that all CVEs published before 2018 will be marked as ‘Deferred’ in the National Vulnerability Database, reallocating resources towards emerging threats while placing the responsibility for legacy vulnerabilities on individual organizations.
-
WK Kellogg Co Reports Data Breach Linked to Clop Ransomware Gang
WK Kellogg Co has reported a data breach linked to the Clop ransomware gang, exposing sensitive employee information. The breach stems from vulnerabilities in Cleo file transfer software, prompting the company to offer identity protection services to affected individuals.
-
Florida Man Pleads Guilty in High-Profile Cryptocurrency Theft Linked to Scattered Spider Gang
Noah Michael Urban, a Florida man connected to the Scattered Spider hacking gang, pleaded guilty to cryptocurrency thefts totaling over $800,000. His crimes included SIM swap fraud and aggravated identity theft, resulting in significant losses for victims. Urban, known as ‘King Bob,’ faces restitution of $13 million and awaits sentencing within 75 days.
-
New Cyber Threat Emerges as PoisonSeed Targets CRM Accounts
The PoisonSeed campaign is exploiting compromised credentials from CRM tools and email services to send spam containing cryptocurrency seed phrases, endangering businesses and individuals alike.
-
Surge in Phishing Attacks Imitating E-ZPass and Toll Authorities
Phishing scams impersonating toll agencies such as E-ZPass have increased significantly and are causing concern among users. The messages aim to steal personal information.
-
New WinRAR Vulnerability Poses Risk of Arbitrary Code Execution
A newly disclosed vulnerability in WinRAR allows attackers to bypass essential Windows security mechanisms and execute arbitrary code on affected systems. The disclosure has prompted urgent updates and calls for user vigilance.
-
Oracle Acknowledges Data Breach Amid Lawsuit Over Concealment
Oracle Corp. has admitted to a significant data breach, revealing that a hacker accessed sensitive client login details, shortly after a lawsuit accused the company of attempting to cover up the incident. The breach has raised serious concerns about cloud security and has led to legal action amid calls for enhanced security measures.






