Security

Latest News

Ransomware Targeting Infrastructure Hits Telecom Namibia

The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.

DARKReading

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and an exploit PoC. The exploit causes a forced reboot of Windows servers. One prerequisite: the […]

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

1Password Acquires SaaS Access Management Provider Trelica

The deal will enhance 1Password's Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Sharing of Telegram User Data Surges After CEO Arrest

Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data

Misconfigured license-plate-recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes by them.

AI-supported spear phishing fools more than 50% of targets

AI-supported spear phishing emails tricked 54% of users in a controlled study that compared AI and human cybercriminal success rates.

CISA: Third-Party Data Breach Limited to Treasury Dept.

The breach was carried out by exploiting CVE-2024-12356 at cybersecurity company BeyondTrust just last week.