Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

FCC Proposes New Cybersecurity Rules for Telecoms

FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

DARKReading
#vulnerability#cisco#git#intel#auth
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

GHSA-gg6x-448q-pqqm: Avenwu Whistle Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.

'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.

Scottish Parliament TV at Risk From Deepfakes

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability

A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code.

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

GHSA-f626-677r-j5vq: Nette Database SQL injection

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.